KIRAS Security Research

2011

RSB - Risk Management under Simultaneous Threats

The goal of the project is the development of a method for risk management in communication networks within or among critical infrastructures for several security goals that explicitly takes interdependencies into account.

Risk management is a core task in the security of critical infrastructures. Currently available risk management tools usually provide only a one-dimensional analysis, in the sense of being focused on a single security goal. Although standard methods permit quantification of risk related to arbitrary security goals, a simultaneous consideration that takes the interplay and potential conflicts between different goals into account is still missing. Hence, many approaches to risk management offer only limited support for decision-making, as they do not handle conflicts between goals.

The goal of the project is the development of a method for risk management in communication networks within or among critical infrastructures for several security goals that explicitly takes interdependencies into account. Contrary to other methods of risk management that are focused on a single goal, the new method uses game theory to perform a combined analysis, in particular regarding authenticity, availability and confidentiality. Using techniques from multi-criteria game theory, we obtain simultaneously optimal (i.e. not uniformly improvable) strategies for infrastructure utilization and a risk estimation that accounts for dependencies in a natural way.

The method yields quantitative risk estimates that can be cast into any convenient unit specific to the application at hand. Moreover, the method lets us directly link the costs of a security system to its expected benefits within the overall system. The results can therefore be integrated naturally into reporting tools for a compact and comprehensive risk picture. This is believed to offer better support for a decision-maker when it comes to extensions or enhancements of the security within a critical infrastructure.

Project leader
DI Dr. Stefan Schauer
AIT – Austrian Institute of Technology GmbH

Other project or cooperation partners
Alpen-Adria Universität Klagenfurt
Contact: DDI Dr. Stefan Rass

SiteXs Databusiness IT-Solutions GmbH
Contact: Stefan Heumader, B.Sc, M.Sc

Bundesministerium für Inneres
Contact: Dipl.Ing. Robert Gottwald, MSc

Bundesministerium für Landesverteidigung und Sport
Contact: Dipl.Ing. Johannes Göllner, MSc

Contact
DI Dr. Stefan Schauer
Lakeside B01a
9020 Klagenfurt
Tel: 050550-4055
Mobile: 0664 825 14 55
Fax: 050550-4190
E-Mail: stefan.schauer@ait.ac.at
Homepage: www.ait.ac.at
