Cyber Security Seminar: Incidents are meant for learning, not repeating.
Liliana Pasquale lecturer at University College Dublin
University of Bristol, Wills Memorial Building, Room G25 Reynolds
Sharing Knowledge About Security Incidents in Cyber-Physical Systems
In this event, hosted by Bristol Cyber Security Group, Liliana Pasquale lecturer at University College Dublin will talk about Cyber-physical systems (CPSs) and infrastructures in industrial automation and transportation systems.
Security incidents targeting CPSs can have disruptive consequences to assets and people. As prior incidents tend to re-occur, sharing knowledge about these incidents can help organizations being more prepared to prevent, mitigate or investigate future incidents. In this talk Liliana will present a novel approach to enable representation and sharing of knowledge about security incidents in cyber-physical systems. To capture characteristics of security incidents that can manifest again, such as incident activities or vulnerabilities exploited by offenders, incident patterns are modelled Incident patterns are a more abstract representation of specific incident instances and, thus, are general enough to be instantiated to various cyber-physical systems - different than the one in which the incident occurred. They can also avoid disclosing potentially sensitive information about an organization’s assets and resources.
In this talk Liliana will also present two automated techniques to support sharing of incident knowledge. The first technique extracts incident patterns from specific incident instances. While the second instantiated e incident patterns to specific cyber-physical systems in order to assess whether and how incident patterns can manifest again in other cyber-physical systems. Liliana will showcase the approach in the application domain of smart buildings and I will evaluate correctness, scalability, and performance using a more compelling example inspired by real-world systems and incidents. Finally Liliana will have a lookahead towards future applications of the approach in security, digital forensics and incidents reporting.
Liliana Pasquale received the PhD degree from Politecnico di Milano (Italy), in 2011. She is a lecturer at University College Dublin (Ireland) and a researcher at Lero - the Irish Software Research Centre. Her research interests include requirements engineering and adaptive systems, with particular focus on security, privacy, and digital forensics. She has served in the Program and Organizing Committee of prestigious software engineering conferences, such as ICSE, FSE, ASE, RE. She is also part of the review committee of the IEEE TSE journal and the TOSEM journal. She currently leads the Science Foundation Ireland SIRG Project For-CoPS - Forensics Investigations of Cyber-Physical Incidents.
To register for this free event, please click HERE or visit https://www.eventbrite.co.uk/e/liliana-pasquale-sharing-knowledge-about-security-incidents-tickets-77269421921?aff=internal.