Summary
Effective tool support for the joint analysis of safety and security risks is long overdue.
Risk management is an important activity to ensure the reliable functioning of technology, such as power plants and self-driving cars. Risks include both safety (= accidental failures) and security aspects (= malicious attacks). Historically, safety and security risks have been analyzed in isolation, despite often conflicting with each other. Effective decision-making requires considering safety and security risks in combination, as measures that increase safety may decrease security and vice versa.
My Consolidator Grant CAESAR has laid out the groundwork for a safety-security co-analysis framework: (1) A graphical risk model, mapping how vulnerabilities and failures propagate and cause system-level disruptions; (2) efficient algorithms to compute risk metrics, indicating how well a system performs in terms of safety-security. (3) algorithms that quantify the uncertainty of the analysis algorithms.
In RUBICON, I will develop a PoC software tool that supports methods from CAESAR, advancing from TRL1 to TRL3. Key challenges to be tackled include:
• Scaling up analysis methods to handle industry-size problems, by tailoring algorithms to work with specific subclasses that appear in practice.
• Improve the interpretability of calculated outcomes. We will develop diagnostic feedback methods based on counter example analysis and importance factors.
• Multi-objective optimization techniques. When dealing with multiple, interdependent parameters, conflicting requirements often arise, due to resource constraints and varying priorities. RUBICON will develop optimal strategies to effectively balance such conflicts, exploiting and advancing Pareto-analysis.
The proof-of-concept tool will be tested and validated via lab and pilot studies across different industrial domains. A serious market analysis will lay out an actionable strategy to commercialize the PoC tool post-project.
Risk management is an important activity to ensure the reliable functioning of technology, such as power plants and self-driving cars. Risks include both safety (= accidental failures) and security aspects (= malicious attacks). Historically, safety and security risks have been analyzed in isolation, despite often conflicting with each other. Effective decision-making requires considering safety and security risks in combination, as measures that increase safety may decrease security and vice versa.
My Consolidator Grant CAESAR has laid out the groundwork for a safety-security co-analysis framework: (1) A graphical risk model, mapping how vulnerabilities and failures propagate and cause system-level disruptions; (2) efficient algorithms to compute risk metrics, indicating how well a system performs in terms of safety-security. (3) algorithms that quantify the uncertainty of the analysis algorithms.
In RUBICON, I will develop a PoC software tool that supports methods from CAESAR, advancing from TRL1 to TRL3. Key challenges to be tackled include:
• Scaling up analysis methods to handle industry-size problems, by tailoring algorithms to work with specific subclasses that appear in practice.
• Improve the interpretability of calculated outcomes. We will develop diagnostic feedback methods based on counter example analysis and importance factors.
• Multi-objective optimization techniques. When dealing with multiple, interdependent parameters, conflicting requirements often arise, due to resource constraints and varying priorities. RUBICON will develop optimal strategies to effectively balance such conflicts, exploiting and advancing Pareto-analysis.
The proof-of-concept tool will be tested and validated via lab and pilot studies across different industrial domains. A serious market analysis will lay out an actionable strategy to commercialize the PoC tool post-project.
Unfold all
/
Fold all
More information & hyperlinks
| Web resources: | https://cordis.europa.eu/project/id/101187945 |
| Start date: | 01-12-2024 |
| End date: | 31-05-2026 |
| Total budget - Public funding: | - 150 000,00 Euro |
Cordis data
Original description
Effective tool support for the joint analysis of safety and security risks is long overdue.Risk management is an important activity to ensure the reliable functioning of technology, such as power plants and self-driving cars. Risks include both safety (= accidental failures) and security aspects (= malicious attacks). Historically, safety and security risks have been analyzed in isolation, despite often conflicting with each other. Effective decision-making requires considering safety and security risks in combination, as measures that increase safety may decrease security and vice versa.
My Consolidator Grant CAESAR has laid out the groundwork for a safety-security co-analysis framework: (1) A graphical risk model, mapping how vulnerabilities and failures propagate and cause system-level disruptions; (2) efficient algorithms to compute risk metrics, indicating how well a system performs in terms of safety-security. (3) algorithms that quantify the uncertainty of the analysis algorithms.
In RUBICON, I will develop a PoC software tool that supports methods from CAESAR, advancing from TRL1 to TRL3. Key challenges to be tackled include:
• Scaling up analysis methods to handle industry-size problems, by tailoring algorithms to work with specific subclasses that appear in practice.
• Improve the interpretability of calculated outcomes. We will develop diagnostic feedback methods based on counter example analysis and importance factors.
• Multi-objective optimization techniques. When dealing with multiple, interdependent parameters, conflicting requirements often arise, due to resource constraints and varying priorities. RUBICON will develop optimal strategies to effectively balance such conflicts, exploiting and advancing Pareto-analysis.
The proof-of-concept tool will be tested and validated via lab and pilot studies across different industrial domains. A serious market analysis will lay out an actionable strategy to commercialize the PoC tool post-project.
Status
SIGNEDCall topic
ERC-2024-POCUpdate Date
24-11-2024
Images
No images available.
Geographical location(s)
