On the Automated Management of Security Incidents in Smart Space

Alrimawi, Faeq; Pasquale, Liliana and Nuseibeh, Bashar (2019). On the Automated Management of Security Incidents in Smart Space. IEEE Access, 7 pp. 111513–111527.

DOI: https://doi.org/10.1109/ACCESS.2019.2934221

Abstract

The proliferation of smart spaces, such as smart buildings, is increasing opportunities for offenders to exploit the interplay between cyber and physical components, in order to trigger security incidents. Organizations are obliged to report security incidents to comply with recent data protection regulations. Organizations can also use incident reports to improve security of the smart spaces where they operate. Incident reporting is often documented in structured natural language. However, reports often do not capture relevant information about cyber and physical vulnerabilities present in a smart space that are exploited during an incident. Moreover, sharing information about security incidents can be difficult, or even impossible, since a report may contain sensitive information about an organization. In previous work, we provided a meta-model to represent security incidents in smart spaces. We also developed an automated approach to share incident knowledge across different organizations. In this paper we focus on incident reporting. We provide a System Editor to represent smart buildings where incidents can occur. Our editor allows us to represent cyber and physical components within a smart building and their interplay. We also propose an Incident Editor to represent the activities of an incident, including —for each activity— the target and the resources exploited, the location where the activity occurred, and the activity initiator. Building on our previous work, incidents represented using our editor can be shared across various organizations, and instantiated in different smart spaces to assess how they can re-occur. We also propose an Incident Filter component that allows viewing and prioritizing the most relevant incident instantiations, for example, involving a minimum number of activities. We assess the feasibility of our approach in assisting incident reporting using an example of a security incident that occurred in a research center.

Viewing alternatives

Metrics

Item Actions

Export

You can export this page using these formats Digital Object Identifier - DOI

About

• Item ORO ID
• 66724
• Item Type
• Journal Item
• ISSN
• 2169-3536
• Project Funding Details

• Funded Project Name	Project ID	Funding Body
  Lero	13/RC/2094	SFI
  SAUSE: Secure, Adaptive, Usable Software Engineering	EP/R013144/1 (previous: EP/R005095/1)	EPSRC (Engineering and Physical Sciences Research Council)

• Keywords
• software engineering, security, forensics
• Academic Unit or School
• Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
  Faculty of Science, Technology, Engineering and Mathematics (STEM)
• Research Group
• Software Engineering and Design (SEAD)
• Copyright Holders
• © 2019 IEEE
• Depositing User
• Bashar Nuseibeh