An Object-Oriented Approach for Modelling Security Scenarios

In this article the authors derive an object-oriented model for structuring threat scenarios. Underpinned by the core principles of realistic evaluation, the model focuses on the specification of events related to the goals of the protagonists. For the development of the model, relevant objects within the ecosystem were specified, and the potential modifications of their properties were linked to causal events. The modelling approach encourages scenario modellers to specify only the relevant elements of the ecosystem and ignore less relevant ones, by identifying the cause-effect relationships between objects. The article illustrates the proposed method through a concrete threat scenario, involving a three-step terrorist attack. The structured format presented in this article provides a useful template that has been tested in the EU FP7 project RIBS. The model was successfully employed to create a computer simulation and communicate the constraints of the problem to a team of engineers, architects and security experts.
