Abstract
This paper proposes an integrated approach to study impact propagation of cyber and physical incidents within critical healthcare infrastructures. This approach is based on a semantic modeling and reasoning engine which takes into account assets and input/output incident types while running propagation through a network graph. Besides, it calculates impact scores based on the protection degree value of each asset. We illustrate our contribution through an attack scenario on the “Covid vaccine theft”. The evaluation of the approach shows promising results.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
ANSSI: Ebios risk manager - the method (2019). https://www.ssi.gouv.fr/en/guide/ebios-risk-manager-the-method/
Ben-Asher, N., Oltramari, A., Erbacher, R.F., Gonzalez, C.: Ontology-based adaptive systems of cyber defense. In: STIDS, pp. 34–41 (2015)
Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 183–194 (2009)
Guttman, B., Roback, E.A.: An Introduction to Computer Security: The NIST Handbook. Diane Publishing, Collingdale (1995)
Hannou, F.Z., Atigui, F., Lammari, N., Cherfi, S.S.: An ontology-based model for cyber-physical security management in healthcare context. In: Strauss, C., Kotsis, G., Tjoa, A.M., Khalil, I. (eds.) Expert Systems Applications. LNCS, vol. 12924, pp. 22–34. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-86475-0_3
Kim, M., Dey, S., Lee, S.: Ontology-driven security requirements recommendation for apt attack, pp. 150–156 (2019). https://doi.org/10.1109/REW.2019.00032
Liu, C.Y., Jeng, A.P., Chang, C.H., Wang, R.G., Chou, C.C.: Combining building information modeling and ontology to analyze emergency events in buildings. In: ISARC. Proceedings of the International Symposium on Automation and Robotics in Construction, vol. 35, pp. 1–6. IAARC Publications (2018)
Luh, R., Marschalek, S., Kaiser, M., Janicke, H., Schrittwieser, S.: Semantics-aware detection of targeted attacks: a survey. J. Comput. Virol. Hack. Tech. 13(1), 47–85 (2016). https://doi.org/10.1007/s11416-016-0273-3
Schauer, S., Grafenauer, T., König, S., Warum, M., Rass, S.: Estimating cascading effects in cyber-physical critical infrastructures. In: Nadjm-Tehrani, S. (ed.) CRITIS 2019. LNCS, vol. 11777, pp. 43–56. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-37670-3_4
Szpyrka, M., Jasiul, B.: Evaluation of cyber security and modelling of risk propagation with petri nets. Symmetry 9(3), 32 (2017)
Szpyrka, M., Jasiul, B., Wrona, K., Dziedzic, F.: Telecommunications networks risk assessment with Bayesian networks. In: Saeed, K., Chaki, R., Cortesi, A., Wierzchoń, S. (eds.) CISIM 2013. LNCS, vol. 8104, pp. 277–288. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40925-7_26
Velasco, J.L., Valencia-García, R., Fernández-Breis, J.T., Toval, A.: Modelling reusable security requirements based on an ontology framework. J. Res. Pract. Inf. Technol. 41(2), 119–133 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Rihany, M., Hannou, FZ., Mimouni, N., Hamdi, F., Tourron, P., Julien, PA. (2021). A Semantic-Based Approach for Assessing the Impact of Cyber-Physical Attacks: A Healthcare Infrastructure Use Case. In: Braun, T., Gehrke, M., Hanika, T., Hernandez, N. (eds) Graph-Based Representation and Reasoning. ICCS 2021. Lecture Notes in Computer Science(), vol 12879. Springer, Cham. https://doi.org/10.1007/978-3-030-86982-3_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-86982-3_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86981-6
Online ISBN: 978-3-030-86982-3
eBook Packages: Computer ScienceComputer Science (R0)