Casalicchio

AIIC ‐ ENEA  2010 
March 29, 2010 
Roma, Italy 

Cyber Dependencies: 
Characteriza3on, Discovery and Analysis 

E. Casalicchio 
University of Roma – Tor Vergata 
Department of Computer Science System and Prod. 

E.Casalicchio ‐ www.emilianocasalichio.eu

March 29, 2010 
Cyber dependencies  Roma, Italy 

•  An infrastructure has a cyber inter‐dependence if its status depends on 
informa3on transmi@ed across cyberspace.  Rinaldi et al. 2003 

We are interested in understanding the coupling (inter-dependencies) among
components, systems, services INSIDE the cyberinfrastructure

Components

Services Systems

Cyberinfrastructure


March 29, 2010 
Mo3va3ons   Roma, Italy 

Vulnerability &  Impact 
Risk Assessment  Analysis 

•  fundamental  •  (inter‐dependencies)  •  root/cause of 
and strategic IT  Assets respect with  failure 
components,   the vulnerabili3es and  propaga3on, 
Cyber  •  cascading and 
networks and  risk must be evaluated 
Security  escala3ng 
services  •  Quan3ta3ve metrics 
phenomena 
Cyber
treath

Cyber dependencies discovery
and analysis
Natural
hazard

Terrorism /
physical
attack

March 29, 2010 

Three phases  Roma, Italy 

•  Dimensions of  Discovery 
analysis  •  Intensity 
•  metrics for  •  Impact 
dependencies  •  Presence of  •  Vulnerability 
evalua3on   dependencies  •  Risk 
•  methods and  respect to 
mechanisms for  dimensions of 
discovery and  analysis 
analysis 
Analysis 
Characteriza3on 



Characteriza3on of Cyber dependencies  March 29, 2010 
Roma, Italy 

Logical  Locality ‐ Physical  Inter‐/Intra‐system 
Type – nature of the 
(services)  or logical locaDon  Inter‐/Intra‐domain 
dependent enDDes 
Hardware/SoTware 
(architectures) 

Life Cycle – when dependencies  Strength ‐ the  Persistent 
are introduced in the system life  intensity of  Op3onal / 
cycle 
Func3onal 
6  dependencie  Occasional 

Structural 

Resources  CriDcality ‐ the potenDal of 
becoming disastrous  
Pre / Post /Ex‐
requisite 
Direct (1st order) 
Order ‐ Directness 
of a dependency  Indirect (2nd/
nth order) 

March 29, 2010 
Characteriza3on suggests Metrics  Roma, Italy 

•  Strength  
–  probability P of dependency ac3va3on P in [0, 1]   
–  Dura3on T (related to the ac3vity/life 3me) %T in [0, 1] 
•  CriDcality  

Severe 
Elevated 
Guarded 

High 
–  how dangerous a dependency can be (qualita3ve) 

Low 
•  Pre‐requisite (Severe), Co‐requisite (High, Elevated) 
•  Ex‐requisite (Guarded, Low)  
•  Order  
–  measure of the cascade eﬀect 
–  Measure of the distance of a poten3al target from the source of a failure 
•  Locality 
–  Indicate if a rela3onship is internal or external the system or layer under 
considera3on 
•  Life cycle 
–  When a dependency is introduced 
–  Cost of dependency removal 

March 29, 2010 
Discovery of cyber dependencies:  Analysis of Dependencies:  Roma, Italy 
•  Off‐line, sta3c  •  Off‐line, sta3c 
•  Off‐line, dynamic 

Approaches:  Approaches: 
•  Applica3on Code Analysis (ACA) 
•  Component Dependencies Graph 
•  Visual model analysis  (VMA)  
•  Dynamic program analysis (DPA)  
•  Dependencies Structure Matrix 
•   Performance analysis (PA) 
•  System informa3on repositories mining (SRM)   Goal: 
•  Message exchange sequence or pa@ern mining  •  Evalua3on of metrics/indexes to 
(MSM)   quan3fy systems/service coupling in 
support to:  
•  Risk and Vulnerability
assessment
•  Impact analysis


March 29, 2010 
Open discussion  Roma, Italy 

Discovery 
•  Oﬀ‐line and/or 
•  Dimensions  On‐line 
•  On‐line 
•  Metrics  dynamic 
dynamic 
approaches 

Characteriza3on  Analysis 

Casalicchio@ing.uniroma2.it 
h@p://www.emilianocasalicchio.eu 

Casalicchio

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (6)

Similar to Casalicchio

Similar to Casalicchio (9)

Recently uploaded

Recently uploaded (20)

Casalicchio