User Tools

Site Tools


erise_2013

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

erise_2013 [2015/11/05 18:51]
katsiaryna.labunets@unitn.it [eRISE Challenge 2013]
erise_2013 [2021/01/29 11:58]
Line 1: Line 1:
-===== eRISE Challenge 2013 ==== 
-The eRISE 2013 challenge has been conducted to empirically evaluate security engineering and risk analysis methods. The event has been carried out in May and June 2013. The first part of experiment took place at the University of Trento, Italy (13-17 May, 2013), the second at Dauphine University, Paris, France (13-14 June, 2013).  ​ 
  
-It is part of our long term project of empirical evaluation of security methodologies,​ the [[erise|eRISE Challenge]]. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments. 
- 
-==== Participants ==== 
-In eRISE 2013 the following people took part: 
-  * **Customers** ​ 
-     * //Raminder Ruprai// (National Grid, UK) 
-     * //Jan Stijohann// (Siemens AG, Germany); 
-  * **Method Designers**:​ 
-     * //Le Minh Sang Tran// - SINTEF/​University of Trento (CORAS) 
-     * //Kim Wuyts, Riccardo Scandariato//​ - Katholieke Universiteit Leuven (LINDDUN) 
-     * //David Garcia Rosado, Daniel Mellado// - University of Castilla La Mancha (SREP) 
-     * //Seda Güerses// - Katholieke Universiteit Leuven (MPRA) 
-  * **Observers**:​ 
-     * //​Katsiaryna Labunets// 
-     * //Martina Degramatica//​ 
-     * //Mattia Salnitri// 
-     * //Tong Li// 
-  * **Participants**:​ 
-     * //29 students// are enrolled in the Master in Computer Science and Telecommunications at the University of Trento and had a background in Security Engineering and Information Systems 
-     * //28 professionals//​ are attending a Master Course in Audit for Information System in Enterprises at Dauphine University. This master has an admission requirement of a minimum of five years of working experience in the field of Auditing in Information Systems 
- 
-==== Experimental Procedure ==== 
-eRISE 2013 will be conducted in three main phases: 
- 
-  * **eRISE 2013 Presentation**. Introduction to Objectives and Activities: 
-     - April 23, 2013 at the University of Trento, Italy {{:​research_activities:​erise:​erise_2013:​erise2013-presentation.pdf|slides}} 
-  * **Training Phase**. Participants attend tutorials on the methods under evaluation and on the Smart Grid industrial cases: ​ 
-     - May 13-15, 2013 at the University of Trento, Italy  
-  * **Application Phases**. Participants apply the methods to analyse security issues of the Smart Grid industrial cases: 
-     - May 16-17, 2013 at University of Trento, Italy 
-     - June 13-14, 2013 at Dauphine University, Paris, France 
-  * **Evaluation Phase**. Participants discuss the methods through focused group interviews and post-it notes sessions, ​ while method designers and customers evaluate the final reports: 
-      - June 14, 2013 Focus Groups and Post-it notes sessions with participants,​ at Dauphine University, Paris, France 
-      - June 30- July 15, 2013 Reports assessment by method designers and customers 
- 
-==== Evaluated Methods ==== 
- 
-The selection of the security requirements methods to be evaluated is driven 
-by three main factors: the number of citations, the fact that research on the 
-method is still ongoing, and availability of the methods designers. 
- 
-Five methods will be evaluated and compared during eRISE 2013: 
- 
-  * **CORAS** is a model-driven method for risk analysis proposed by SINTEF, Norway. Materials: ​ {{:​research_activities:​erise:​erise_2012:​tutorials:​coras-intro.pdf|book chapter}}, {{:​research_activities:​erise:​erise_2013:​mst-erise2013-coras.pdf|tutorial}},​ {{:​research_activities:​erise:​erise_2013:​coras-examplediagrams.zip|example}}. 
-  * **LINDDUN** is a methodology to elicit the privacy requirements of software-intensive systems and select privacy enhancing technologies designed by Distrinet Research Group at Katholieke Universiteit Leuven, Belgium. Materials: {{:​research_activities:​erise:​erise_2013:​linddun.pdf|paper}},​ {{:​research_activities:​erise:​erise_2013:​linndun_casestudy.pdf|case study}}, {{:​research_activities:​erise:​erise_2013:​erise_linddun_tutorial_2013.pdf|tutorial}},​ [[https://​people.cs.kuleuven.be/​~kim.wuyts/​ERISE/​|additional materials]]. 
-  * **MPRA** is a multilateral privacy requirements analysis methodology proposed by Katholieke Universiteit Leuven, Belgium. Materials: {{:​research_activities:​erise:​erise_2013:​erise2013-mpra-overview.pdf|paper}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-mpra-pres.pdf|tutorial}}. 
-  * **SREP** is an asset-based and risk-driven method developed at University of Castilla-La Mancha, Spain for the establishment of security requirements in the development of secure Information Systems. Materials: {{:​research_activities:​erise:​erise_2012:​tutorials:​srep-paper-2006-mellado.pdf|paper}},​ {{:​research_activities:​erise:​erise_2012:​tutorials:​srep-paper-2007-mellado.pdf|case study}},​{{:​research_activities:​erise:​erise_2013:​srep-david.pdf|tutorial}}. 
-==== Industrial Case Studies ​ ==== 
-In eRISE 2013 two industrial application scenarios from Smart Grid domain will be proposed to the participant for analysis. 
- 
-== Electricity Transmission Network == 
-The Electricity Transmission Network scenario has been proposed by National Grid, London, UK. This case study focuses on the electricity transmission network and service that National Grid plc provides in the United Kingdom. This scenario is focused on managing and balancing the Electricity Transmission Network. 
- 
-The materials about this scenario are available here: {{:​research_activities:​erise:​erise_2013:​erise2013-etn-description.pdf|scenario description}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-etn-pres.ppt|presentation}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-etn-threat-analysis.ppt|threat analysis}}, [[http://​www.seconomicsproject.eu/​content/​case-b-uk-national-power-grid|additional materials]]. 
- 
-== Smart Metering Scenario == 
- 
-The Smart Metering scenario has been proposed by Siemens. The Smart Grid is a large, flexible, self-monitoring,​ auto-balancing,​ and self-regulating infrastructure which uses ICT to gather and respond on information in an automated manner in order to improve the efficiency, reliability,​ and sustainability of the production and distribution of energy. 
-The core of a Smart Grid depends on intelligent,​ reliable, secure and cost effective technology. The Smart Grid can be characterized as a combination of two infrastructures,​ the electrical grid carrying the energy and maintaining the safety, availability,​ and performance of the grid, and the information infrastructure used to supervise and control the electrical grid operation. 
- 
-The materials about this scenario are available here: {{:​research_activities:​erise:​erise_2013:​erise2013-smartmeteering-description.pdf|scenario description}} and {{:​research_activities:​erise:​erise_2013:​erise2013-smartmetering-pres.pptx|presentation}}. 
-==== eRISE 2013 Organization ==== 
- 
-eRISE 2013 - Goals and Organizational Details {{:​research_activities:​erise:​erise_2013:​eRISE2013-organization.pdf|slides}} ​ 
- 
-==== Final Report Template ==== 
- 
-Template to deliver the final report {{:​research_activities:​erise:​erise_2013:​Template-Report.docx|template}} 
- 
-==== Contact Information ==== 
-For organizational matters send an email to: 
-  * **Prof. Fabio Massacci** - [[fabio.massacci@unitn.it]] 
-  * **Dr. Federica Paci** - [[paci@disi.unitn.it]] 
- 
-For questions about methods send an email to:  
-  * CORAS - **Le Minh Sang Tran** - [[tran@disi.unitn.it]] 
-  * LINDDUN - **Kim Wuyts** - [[kim.wuyts@cs.kuleuven.be]] 
-  * MPRA - **Seda Guerses** - [[sguerses@esat.kuleuven.be]] 
-  * SREP - **Daniel Mellado** - [[damefe@esdebian.org]] 
- 
-For questions about the case study send an email to: 
- 
-  * Electricity Transmission Network - **Dr. Raminder Ruprai** - [[Raminder.Ruprai@nationalgrid.com]] 
-  * Smart Metering scenario - **Santiago Suppan** - [[santiago.suppan.ext@siemens.com]] 
erise_2013.txt · Last modified: 2021/01/29 10:58 (external edit)