Risk-Oriented Design Approach For Forensic-Ready Software Systems

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F21%3A00122160" target="_blank" >RIV/00216224:14330/21:00122160 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1145/3465481.3470052" target="_blank" >http://dx.doi.org/10.1145/3465481.3470052</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3465481.3470052" target="_blank" >10.1145/3465481.3470052</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Risk-Oriented Design Approach For Forensic-Ready Software Systems

Popis výsledku v původním jazyce

Digital forensic investigation is a complex and time-consuming activity in response to a cybersecurity incident or cybercrime to answer questions related to it. These typically are what happened, when, where, how, and who is responsible. However, answering them is often very laborious and sometimes outright impossible due to a lack of useable data. The forensic-ready software systems are designed to produce valuable on-point data for use in the investigation with potentially high evidence value. Still, the particular ways to develop these systems are currently not explored. This paper proposes consideration of forensic readiness within security risk management to refine specific requirements on forensic-ready software systems. The idea is to re-evaluate the taken security risk decisions with the aim to provide trustable data when the security measures fail. Additionally, it also considers possible disputes, which the digital evidence can solve. Our proposed approach, risk-oriented forensic-ready design, composes of two parts: (1) process guiding the identification of the requirements in the form of potential evidence sources, and (2) supporting BPMN notation capturing the potential evidence sources and their relationship. Together they are aimed to provide a high-level overview of the forensic-ready requirements within the system. Finally, the approach is demonstrated on an automated valet parking scenario, followed by a discussion regarding its impact and usefulness within the forensic readiness effort.

Název v anglickém jazyce

Risk-Oriented Design Approach For Forensic-Ready Software Systems

Popis výsledku anglicky

Digital forensic investigation is a complex and time-consuming activity in response to a cybersecurity incident or cybercrime to answer questions related to it. These typically are what happened, when, where, how, and who is responsible. However, answering them is often very laborious and sometimes outright impossible due to a lack of useable data. The forensic-ready software systems are designed to produce valuable on-point data for use in the investigation with potentially high evidence value. Still, the particular ways to develop these systems are currently not explored. This paper proposes consideration of forensic readiness within security risk management to refine specific requirements on forensic-ready software systems. The idea is to re-evaluate the taken security risk decisions with the aim to provide trustable data when the security measures fail. Additionally, it also considers possible disputes, which the digital evidence can solve. Our proposed approach, risk-oriented forensic-ready design, composes of two parts: (1) process guiding the identification of the requirements in the form of potential evidence sources, and (2) supporting BPMN notation capturing the potential evidence sources and their relationship. Together they are aimed to provide a high-level overview of the forensic-ready requirements within the system. Finally, the approach is demonstrated on an automated valet parking scenario, followed by a discussion regarding its impact and usefulness within the forensic readiness effort.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

The 16th International Conference on Availability, Reliability and Security (ARES 2021)

ISBN

9781450390514

ISSN

—

e-ISSN

—

Počet stran výsledku

10

Strana od-do

„ArticleNo.:48“

Název nakladatele

Association for Computing Machinery

Místo vydání

New York, NY, USA

Místo konání akce

Vienna, Austria

Datum konání akce

1. 1. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—