TY - GEN
T1 - 3aRAM
T2 - 19th IEEE International Conference on Software Quality, Reliability and Security Companion, QRS-C 2019
AU - Huang, Yu Lun
AU - Sun, Wen Lin
AU - Tang, Ying Han
PY - 2019/7
Y1 - 2019/7
AB - To assist in the automation of factory processes, the amount of valuable data flow in the industrial cyber-physical system (CPS), Internet of things (IoT) and cloud computing will also have to increase accordingly. Thus, developing a risk assessment system which is specialized for an industrial IoT system is necessary, especially for the cloud platform that the data mainly flow on. In this paper, we revise the AHP (Analytic Hierarchy Process) method and propose a 3-layer AHP-based risk assessment model (3aRAM) for an Industrial IoT cloud (PaaS platform) to allow the cloud system to self-benchmark its own security status. The model is composed of three phases: data collection, data analysis and risk assessment. To avoid involving experts unnecessarily in the risk assessment phase, a feedback mechanism is designed in the proposed model. We realize the risk assessment system and apply it to an industrial IoT cloud system. Finally, we estimate the practicality of our system by injecting different degrees of noise and launching DoS attacks, and show the change of integrity and availability scores, which are generated by the proposed risk assessment model.
KW - analytic hierarchy process
KW - cloud risk assessment
KW - industrial internet-of-things
UR - http://www.scopus.com/inward/record.url?scp=85073878671&partnerID=8YFLogxK
U2 - 10.1109/QRS-C.2019.00087
DO - 10.1109/QRS-C.2019.00087
M3 - Conference contribution
AN - SCOPUS:85073878671
T3 - Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019
SP - 450
EP - 457
BT - Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 22 July 2019 through 26 July 2019
ER -