Automatic security management of smart infrastructures using attack graph and risk analysis

Abstract

Smart infrastructure integrates cyberphysical systems, self-organizing networks of devices, fog computing to enhance the quality and convenience of manufacturing and social life, providing efficient resource management and increasing productivity and availability of traditional services. New technologies are characterized with a high degree of heterogeneity, structural complexity, and dynamic topology that result in a large number of new information and cyber security threats. Given a high degree of integration of digital cyber space into the processes of management, monitoring, aggregation, and data transferring, an assessment of its security level is a necessary requirement to maintain and control a safe and reliable environment for handling data and performing physical processes. Risk analysis and assessment is an extremely important task at all stages of the life cycle of subsystems and components of the smart environment. It allows us to assess a level of protection, identify vulnerable assets, and counteract the most likely directions of security threats. The known methods for security risk assessment do not consider the features of modern smart technologies, and this forces us to search for new approaches. This paper proposes a comprehensive method that includes a calculation of security indicators, risk assessment and selection of protective measures, based on attack graphs and thus allows us to consider the dynamics of changes in the components of the smart infrastructure. The automated system for assessing the security risks in the smart infrastructure and choosing the protective measures has been implemented.