Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to help considering these problems is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we define and implement the translation of attack-fault trees (AFTs) to a new extension of timed automata, called parametric weighted timed automata. This allows us to parametrize constants such as time and discrete costs in an AFT and then, using the model-checker IMITATOR, ...
Cyber breaches have grown exponentially over the years, both in the number of incidents and in damag...
As the critical systems we rely on every day, such as nuclear power plants and airplanes, become eve...
In this paper, a new method for quantitative security risk assessment of complex systems is presente...
This is the extended version of the manuscript of the same name published in ACSD 2019.International...
This manuscript is the author version of the manuscript of the same name published in Fundamenta Inf...
peer reviewedPerforming a thorough security risk assessment of an organisation has always been chall...
Performing a thorough security risk assessment of an organisation has always been challenging, but w...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
As cyber-physical systems become more and more complex, human debugging is not sufficient anymore to...
Cyber physical systems, like power plants, medical devices and data centers have to meet high standa...
International audienceSecurity analysis is without doubt one of the most important issues in a socie...
Cyber breaches have grown exponentially over the years, both in the number of incidents and in damag...
As the critical systems we rely on every day, such as nuclear power plants and airplanes, become eve...
In this paper, a new method for quantitative security risk assessment of complex systems is presente...
This is the extended version of the manuscript of the same name published in ACSD 2019.International...
This manuscript is the author version of the manuscript of the same name published in Fundamenta Inf...
peer reviewedPerforming a thorough security risk assessment of an organisation has always been chall...
Performing a thorough security risk assessment of an organisation has always been challenging, but w...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
As cyber-physical systems become more and more complex, human debugging is not sufficient anymore to...
Cyber physical systems, like power plants, medical devices and data centers have to meet high standa...
International audienceSecurity analysis is without doubt one of the most important issues in a socie...
Cyber breaches have grown exponentially over the years, both in the number of incidents and in damag...
As the critical systems we rely on every day, such as nuclear power plants and airplanes, become eve...
In this paper, a new method for quantitative security risk assessment of complex systems is presente...