Biblio
Faced with a turbulent economic, political and social environment, companies need to build effective risk management systems in their supply chains. Risk management can only be effective when risk identification and analysis are sufficiently accurate. From this perspective, this paper proposes a risk assessment approach based on the analytic hierarchy process and group decision making. The study introduces a new method that reduces the impact of incoherent judgments on group decision-making: the "reduced weight function", which decreases the weight associated with a member of the expert panel based on the consistency of that member's judgments.
While we have long had principles describing how access control enforcement should be implemented, such as the reference monitor concept, imprecision in access control mechanisms and access control policies leads to risks that may enable exploitation. In practice, least privilege access control policies often allow information flows that may enable exploits. In addition, the implementation of access control mechanisms often tries to balance security with ease of use implicitly (e.g., with respect to determining where to place authorization hooks) and approaches to tighten access control, such as accounting for program context, are ad hoc. In this paper, we define four types of risks in access control enforcement and explore possible approaches and challenges in tracking those types of risks. In principle, we advocate runtime tracking to produce risk estimates for each of these types of risk. To better understand the potential of risk estimation for authorization, we propose risk estimate functions for each of the four types of risk, finding that benign program deployments accumulate risks in each of the four areas for ten Android programs examined. As a result, we find that tracking of relative risk may be useful for guiding changes to security choices, such as authorized unsafe operations or placement of authorization checks, when risk differs from that expected.
Humans can easily find themselves in high cost situations where they must choose between suggestions made by an automated decision aid and a conflicting human decision aid. Previous research indicates that humans often rely on automation or other humans, but not both simultaneously. Expanding on previous work conducted by Lyons and Stokes (2012), the current experiment measures how trust in automated or human decision aids differs along with perceived risk and workload. The simulated task required 126 participants to choose the safest route for a military convoy; they were presented with conflicting information from an automated tool and a human. Results demonstrated that as workload increased, trust in automation decreased. As the perceived risk increased, trust in the human decision aid increased. Individual differences in dispositional trust correlated with an increased trust in both decision aids. These findings can be used to inform training programs for operators who may receive information from human and automated sources. Examples of this context include: air traffic control, aviation, and signals intelligence.
As cyber-physical systems (CPS) become prevalent in everyday life, it is critical to understand the factors that may impact the security of such systems. In this paper, we present insights from an initial study of historical security incidents to analyse such factors for a particular class of CPS: industrial control systems (ICS). Our study challenges the usual tendency to blame human fallibility or resort to simple explanations for what are often complex issues that lead to a security incident. We highlight that (i) perception errors are key in such incidents and (ii) latent design conditions – e.g., improper specifications of a system's borders and capabilities – play a fundamental role in shaping perceptions, leading to security issues. Such design-time considerations are particularly critical for ICS, the life-cycle of which is usually measured in decades. Based on this analysis, we discuss how key characteristics of future smart CPS in such industrial settings can pose further challenges with regard to tackling latent design flaws.
When reasoning about software security, researchers and practitioners use the phrase "attack surface" as a metaphor for risk. The metaphor says: enumerate and minimize the ways attackers can break in, and risk is reduced and the system is better protected. But software systems are much more complicated than their surfaces. We propose function- and file-level attack surface metrics (proximity and risky walk) that enable fine-grained risk assessment. Our risky walk metric is highly configurable: we use PageRank on a probability-weighted call graph to simulate attacker behavior of finding or exploiting a vulnerability. We provide evidence-based guidance for deploying these metrics, including an extensive parameter tuning study. We conducted an empirical study on two large open source projects, FFmpeg and Wireshark, to investigate the potential correlation between our metrics and historical post-release vulnerabilities. We found our metrics to be statistically significantly associated with vulnerable functions/files with a small-to-large Cohen's d effect size. Our prediction model achieved an increase of 36% (in FFmpeg) and 27% (in Wireshark) in the average value of F-measure over a base model built with SLOC and coupling metrics. Our prediction model outperformed comparable models from prior literature with notable improvements: 58% reduction in false negative rate, 81% reduction in false positive rate, and 548% increase in F-measure. These metrics advance vulnerability prevention by (a) being flexible in terms of granularity, (b) performing better than the vulnerability prediction literature, and (c) being tunable so that practitioners can tailor the metrics to their products and better assess security risk.
A novel approach is developed for analyzing power system vulnerability related to extraordinary events. Vulnerability analyses are necessary for identifying barriers to prevent such events and as a basis for emergency preparedness. Identifying cause and effect relationships to reveal vulnerabilities related to extraordinary events is a complex and difficult task. In the proposed approach, the analysis starts by identifying the critical consequences. It then identifies the critical contingencies and operating states, and the external threats and causes that may result in such severe consequences. This is the opposite of traditional risk and vulnerability analysis, which starts by analyzing threats and what can happen as a chain of events. The vulnerability analysis methodology is tested and demonstrated on real systems.
There are relatively few studies on the security-check waiting lines for screening cargo containers using queueing models. In this paper, we address two important measures of a security-check system, concerning the effectiveness and the efficiency of security screening. The goal of this paper is to provide a modelling framework to understand the economic trade-offs embedded in container-inspection decisions. In order to analyze the policy initiatives, we develop a stylized queueing model with novel features pertaining to the security checkpoints.
Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
The use of multi-terminal HVDC to integrate wind power coming from the North Sea opens the door for a new transmission system model, the DC-Independent System Operator (DC-ISO). The DC-ISO will face highly stressed and varying conditions that require new risk assessment tools to ensure security of supply. This paper proposes a novel risk-based static security assessment methodology named risk-based DC security assessment (RB-DCSA). It combines a probabilistic approach to include uncertainties with a fuzzy inference system to quantify the systemic and individual component risk associated with operational scenarios under uncertainty. The proposed methodology is illustrated using a multi-terminal HVDC system in which the variability of offshore wind speed is included.