University of Limerick
Browse

On the automated management of security incidents in smart spaces

Download (6.26 MB)
journal contribution
posted on 2024-03-26, 08:58 authored by Faeq AlrimawiFaeq Alrimawi, Liliana Pasquale, Bashar NuseibehBashar Nuseibeh

The proliferation of smart spaces, such as smart buildings, is increasing opportunities for offenders to exploit the interplay between cyber and physical components, in order to trigger security incidents. Organizations are obliged to report security incidents to comply with recent data protection regulations. Organizations can also use incident reports to improve security of the smart spaces where they operate. Incident reporting is often documented in structured natural language. However, reports often do not capture relevant information about cyber and physical vulnerabilities present in a smart space that are exploited during an incident. Moreover, sharing information about security incidents can be difficult, or even impossible, since a report may contain sensitive information about an organization. In previous work, we provided a meta-model to represent security incidents in smart spaces. We also developed an automated approach to share incident knowledge across different organizations. In this paper we focus on incident reporting. We provide a System Editor to represent smart buildings where incidents can occur. Our editor allows us to represent cyber and physical components within a smart building and their interplay. We also propose an Incident Editor to represent the activities of an incident, including —for each activity— the target and the resources exploited, the location where the activity occurred, and the activity initiator. Building on our previous work, incidents represented using our editor can be shared across various organizations, and instantiated in different smart spaces to assess how they can re-occur. We also propose an Incident Filter component that allows viewing and prioritizing the most relevant incident instantiations, for example, involving a minimum number of activities. We assess the feasibility of our approach in assisting incident reporting using an example of a security incident that occurred in a research center.

Funding

Lero - the Irish Software Research Centre

Science Foundation Ireland

Find out more...

Forensic Investigations for Cyber-Physical Incidents

Science Foundation Ireland

Find out more...

History

Publication

IEEE Access, 2019, 7, pp. 111513-111527

Publisher

Institute of Electrical and Electronics Engineers

Also affiliated with

  • LERO - The Science Foundation Ireland Research Centre for Software

Sustainable development goals

  • (9) Industry, Innovation and Infrastructure

Usage metrics

    University of Limerick

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC