iit_cnr_logo
Trust, Security and Privacy RESEARCH UNIT
Who we are People Research PROJECTS Education Conferences Collaborations
cnr_logo
Trust, Security and Privacy RESEARCH UNIT
Who we are People Research PROJECTS Education Conferences Collaborations

Advanced cyber threat management

The digital world is continuously expanding thus providing a larger attack surface to several threats. Modern systems must be designed to resist to existing and emerging threats that may impact cyber physical systems. We consider for simplicity three classical areas that are linked as protect, detect and respond.

The protection phase designs and deploys system that are secure and resilient and can monitor their security status. The prevention and protection of attacks in modern ICT components, infrastructure, and systems remains a complex task. It entails developing software and hardware components that have security-by-design as main requirement as well as the capability of deploy several protection mechanisms. The complexity of heterogeneous collections of hardware and software components finds its roots in a diversity of individual development contexts and levels of maturity. It is compounded by growing means of networked interactions, and varied lifecycle schedules that generate highly dynamic behaviors in these systems. As part of this process we need to design and formally analyze the system security and design proper security workflows, in addition to design systems that can be easily reconfigured at run time.

The detect phase allow systems to detect threats using several approaches, from policy based approaches to machine learning ones. It entails the collection and sharing of significant amount of data from several sources and the continuous monitoring of resources. The collection and analysis of the data must be equipped with specific techniques depending on the threats.

In the respond phase, threats are countered and possibly the system may evolve during subsequent planning/redesign steps. The Respond security process is concerned with planning and executing appropriate actions following the detection of a security event. These reconfiguration plans could be policy based. The purpose of the Recover security process is to evolve the system being protected to better and improved ‘business as usual’ status.