Recently, due to the increasing complexity and wider adoption of heterogeneous systems, the management of security properties, vulnerabilities and risks of systems by integrating and structuring existing components, is becoming more and more crucial. A particular aspect to be considered is the Risk Analysis and, specifically, the analysis of the Systemic Risk. This risk derives from the interdependence of the system under consideration, from services provided by other systems and, in general, from the interactions among them. In fact, it may happen that an adverse event, which occurs at a certain system that is not properly controlled, can cause dangerous effects that, through its propagation to other interconnected systems, would/could compromise their operation. Thus, suitable engineering approaches need to be exploited to prevent and manage the risks arising from the integration of system components so as to increase the security of systems, data and even human life. In this context, the paper proposes specific extensions of a Goal Oriented methodology for Requirement Modeling, called GOReM, through the RAMSoS method, natively conceived for supporting dependability analysis. Such combination enables the modeling and the evaluation of the Systemic Risk centered on agent-based simulation techniques. The combination of RAMSoS and GOReM is experimented on a case study concerning an online payment service, by evaluating the impact of the failure of a single component on the overall system.
Extending GOReM through the RAMSoS method for supporting modeling and virtual evaluation of the Systemic Risk
FURFARO, Angelo;GALLO T;GARRO, Alfredo;SACCÀ D;TUNDIS A;CITRIGNO S;GRAZIANO S.
2016-01-01
Abstract
Recently, due to the increasing complexity and wider adoption of heterogeneous systems, the management of security properties, vulnerabilities and risks of systems by integrating and structuring existing components, is becoming more and more crucial. A particular aspect to be considered is the Risk Analysis and, specifically, the analysis of the Systemic Risk. This risk derives from the interdependence of the system under consideration, from services provided by other systems and, in general, from the interactions among them. In fact, it may happen that an adverse event, which occurs at a certain system that is not properly controlled, can cause dangerous effects that, through its propagation to other interconnected systems, would/could compromise their operation. Thus, suitable engineering approaches need to be exploited to prevent and manage the risks arising from the integration of system components so as to increase the security of systems, data and even human life. In this context, the paper proposes specific extensions of a Goal Oriented methodology for Requirement Modeling, called GOReM, through the RAMSoS method, natively conceived for supporting dependability analysis. Such combination enables the modeling and the evaluation of the Systemic Risk centered on agent-based simulation techniques. The combination of RAMSoS and GOReM is experimented on a case study concerning an online payment service, by evaluating the impact of the failure of a single component on the overall system.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
