Framework of Probabilistic Risk Assessment for Security and Reliability

With the advance and globalization of information technologies such as big data and cloud computing, the potential risks posed by security vulnerabilities have been brought to the forefront. Considerable effort has been devoted to estimating network security risk amid an unending cycle of disclosed vulnerabilities, in the form of threats or attacks, and of management measures to mitigate these risks. Reliability, on the other hand, is often considered one of the most vital factors affecting the functioning of critical computing systems. In this work, we explore a framework that considers both security and reliability risks and investigates their causes and effects. Risk assessment covering both security and reliability is then demonstrated through a case study in which a cloud RAID (redundant array of independent disks) storage system under DoS (denial-of-service) attacks is modeled and analyzed using an analytical method that integrates Markov chains and binary decision diagrams.
