Citation: Proceedings of the 2018 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 15, pages 593–602 (2018)
Abstract. In the field of Legal Metrology, European directives demand a risk assessment for certain measuring instruments. In this paper, a previously published reference cloud architecture is subjected to such an assessment. A specially tailored and standardized method is used to identify essential threats and common attack vectors for the architecture. With the help of a calculated probability score and the risk factor, the fulfillment of the essential requirements of the applicable European directives is shown. Furthermore, Attack Probability Trees are applied to identify suitable countermeasures to increase the resilience level where necessary.