Abstract
Resilience, a system property merging the consideration of stochastic and malicious events focusing on mission success, motivates researchers and practitioners to develop methodologies to support holistic assessments. While established risk assessment methods exist for early and advanced analysis of complex systems, the dynamic nature of security is much more challenging for resilience analysis.The scientific contribution of this paper is a methodology called Trust Loss Effects Analysis (TLEA) for the systematic assessment of the risks to the mission emerging from compromised trust of humans who are part of or are interacting with the system. To make this work more understandable and applicable, the TLEA method follows the steps of Failure Mode, Effects & Criticality Analysis (FMECA) with a difference in the steps related to the identification of security events. There, the TLEA method uses steps from the Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service (DoS), Elevation of privilege (STRIDE) methodology.The TLEA is introduced using a generic example and is then demonstrated using a more realistic use case of a drone-based system on a reconnaissance mission. After the application of the TLEA method, it is possible to identify different risks related to the loss of trust and evaluate their impact on mission success.
Original language | English |
---|---|
Title of host publication | 2023 Annual Reliability and Maintainability Symposium, RAMS 2023 |
Publisher | Wiley-IEEE Press |
Pages | 1-6 |
Number of pages | 6 |
ISBN (Electronic) | 978-1-6654-6053-8 |
ISBN (Print) | 978-1-6654-6054-5 |
DOIs | |
Publication status | Published - 26 Jan 2023 |
MoE publication type | A4 Article in a conference publication |
Event | 2023 Annual Reliability and Maintainability Symposium (RAMS) - Orlando, FL, USA Duration: 23 Jan 2023 → 26 Jan 2023 |
Conference
Conference | 2023 Annual Reliability and Maintainability Symposium (RAMS) |
---|---|
Period | 23/01/23 → 26/01/23 |
Keywords
- Systematics
- Merging
- Random access memory
- Focusing
- Reconnaissance
- Zero Trust
- Risk management
- FMECA
- FMEA
- Security
- Resilience
- STRIDE
- Safety