A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces-Reference-Cited by-同舟云学术

A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces

Published:2021-09-14 Issue: Volume: Page:
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Zhang Lu^ORCID,Taal Arie,Cushing Reginald,de Laat Cees,Grosso Paola

Abstract

AbstractSecurity is a top concern in digital infrastructure and there is a basic need to assess the level of security ensured for any given application. To accommodate this requirement, we propose a new risk assessment system. Our system identifies threats of an application workflow, computes the severity weights with the modified Microsoft STRIDE/DREAD model and estimates the final risk exposure after applying security countermeasures in the available digital infrastructures. This allows potential customers to rank these infrastructures in terms of security for their own specific use cases. We additionally present a method to validate the stability and resolution of our ranking system with respect to subjective choices of the DREAD model threat rating parameters. Our results show that our system is stable against unavoidable subjective choices of the DREAD model parameters for a specific use case, with a rank correlation higher than 0.93 and normalised mean square error lower than 0.05.

Funder

Nederlandse Organisatie voor Wetenschappelijk Onderzoek

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-021-00566-3.pdf

Reference23 articles.

1. Sagiroglu, S., Sinanc, D.: Big data: a review. In: 2013 International Conference on Collaboration Technologies and Systems (CTS), pp. 42–47. IEEE (2013)

2. Zhang, L., Cushing, R., Gommans, L., De Laat, C., Grosso, P.: Modeling of collaboration archetypes in digital market places. IEEE Access 7, 102689–102700 (2019)

3. Luna, J., Ghani, H., Vateva, T., Suri, N.: Quantitative assessment of cloud security level agreements: a case study. In: Proc. of Security and Cryptography, pp. 64–73 (2012)

4. Shaikh, R., Sasikumar, M.: Trust model for measuring security strength of cloud computing service. Procedia Comput. Sci. 45, 380–389 (2015)

5. Sen, A., Madria, S.: Off-line risk assessment of cloud service provider. In: 2014 IEEE World Congress on Services, pp. 58–65. IEEE (2014)

Cited by 9 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Securing IoT systems in a post-quantum environment: Vulnerabilities, attacks, and possible solutions;Internet of Things;2024-04

2. Towards a Security Analysis of Radiological Medical Devices using the MITRE ATT&CK Framework;SoutheastCon 2024;2024-03-15

3. Remote Patient Care System: An Arduino-Based Case Study;2024 Seventh International Women in Data Science Conference at Prince Sultan University (WiDS PSU);2024-03-03

4. GENICS: A Framework for Generating Attack Scenarios for Cybersecurity Exercises on Industrial Control Systems;Applied Sciences;2024-01-16

5. Security and privacy of digital economic risk assessment system based on cloud computing and blockchain;Soft Computing;2024-01-10