An Adaptive, Situation-Based Risk Assessment and Security Enforcement Framework for the Maritime Sector - Service IntEgration and netwoRk Administration Access content directly
Journal Articles Sensors Year : 2022

An Adaptive, Situation-Based Risk Assessment and Security Enforcement Framework for the Maritime Sector

Christos Grigoriadis
  • Function : Author
  • PersonId : 1122947
Panayiotis Kotzanikolaou
  • Function : Author
  • PersonId : 1122948

Abstract

Maritime processes involve actors and systems that continuously change their underlying environment, location and threat exposure. Thus, risk mitigation requires a dynamic risk assessment process, coupled with an adaptive, event driven security enforcement mechanism, to efficiently deal with dynamically evolving risks in a cost efficient manner. In this paper, we propose an adaptive security framework that covers both situational risk assessment and situational driven security policy deployment. We extend MITIGATE, a maritime-specific risk assessment methodology, to capture situations in the risk assessment process and thus produce fine-grained and situation-specific, dynamic risk estimations. Then, we integrate DynSMAUG, a situation-driven security management system, to enforce adaptive security policies that dynamically implement security controls specific to each situation. To validate the proposed framework, we test it based on maritime cargo transfer service. We utilize various maritime specific and generic systems employed during cargo transfer, to produce dynamic risks for various situations. Our results show that the proposed framework can effectively assess dynamic risks per situation and automate the enforcement of adaptive security controls per situation. This is an important improvement in contrast to static and situation-agnostic risk assessment frameworks, where security controls always default to worst-case risks, with a consequent impact on the cost and the applicability of proper security controls.
Fichier principal
Vignette du fichier
sensors-22-00238-v2.pdf (647.84 Ko) Télécharger le fichier
Origin Publisher files allowed on an open archive

Dates and versions

hal-03505045 , version 1 (03-01-2022)

Licence

Identifiers

Cite

Christos Grigoriadis, Romain Laborde, Antonin Verdier, Panayiotis Kotzanikolaou. An Adaptive, Situation-Based Risk Assessment and Security Enforcement Framework for the Maritime Sector. Sensors, 2022, Cyber Situational Awareness in Computer Networks, 22 (1), pp.238. ⟨10.3390/s22010238⟩. ⟨hal-03505045⟩
153 View
177 Download

Altmetric

Share

Gmail Mastodon Facebook X LinkedIn More