User Tools

Site Tools


erise_2013

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
erise_2013 [2013/05/15 09:36]
federica.paci@unitn.it [Evaluated Methods]
erise_2013 [2021/01/29 10:58] (current)
Line 1: Line 1:
 ===== eRISE Challenge 2013 ==== ===== eRISE Challenge 2013 ====
-The eRISE 2013 challenge ​will be conducted to empirically evaluate security engineering and risk analysis methods. The event will be carried out in May and June 2013. The first part of experiment ​will take place at the University of Trento, Italy (13-17 May, 2013), the second at Dauphine University, Paris, France (13-14 June, 2013).  ​+The eRISE 2013 challenge ​has been conducted to empirically evaluate security engineering and risk analysis methods. The event has been carried out in May and June 2013. The first part of experiment ​took place at the University of Trento, Italy (13-17 May, 2013), the second at Dauphine University, Paris, France (13-14 June, 2013).  ​ 
 + 
 +It is part of our long term project of empirical evaluation of security methodologies,​ the [[erise|eRISE Challenge]]. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments.
  
 ==== Participants ==== ==== Participants ====
-In eRISE 2013 will be involved ​the following ​participants:+In eRISE 2013 the following ​people took part:
   * **Customers** ​   * **Customers** ​
      * //Raminder Ruprai// (National Grid, UK)      * //Raminder Ruprai// (National Grid, UK)
Line 10: Line 12:
      * //Le Minh Sang Tran// - SINTEF/​University of Trento (CORAS)      * //Le Minh Sang Tran// - SINTEF/​University of Trento (CORAS)
      * //Kim Wuyts, Riccardo Scandariato//​ - Katholieke Universiteit Leuven (LINDDUN)      * //Kim Wuyts, Riccardo Scandariato//​ - Katholieke Universiteit Leuven (LINDDUN)
-     * //David Garcia Rosado// - University of Castilla La Mancha (SREP)+     * //David Garcia Rosado, Daniel Mellado// - University of Castilla La Mancha (SREP)
      * //Seda Güerses// - Katholieke Universiteit Leuven (MPRA)      * //Seda Güerses// - Katholieke Universiteit Leuven (MPRA)
   * **Observers**:​   * **Observers**:​
Line 31: Line 33:
      - May 16-17, 2013 at University of Trento, Italy      - May 16-17, 2013 at University of Trento, Italy
      - June 13-14, 2013 at Dauphine University, Paris, France      - June 13-14, 2013 at Dauphine University, Paris, France
-  * **Evaluation Phase**. Participants ​will evaluate ​the methods through focused group interviews and post-it notes sessions, ​ while method designers and customers evaluate the final reports:+  * **Evaluation Phase**. Participants ​discuss ​the methods through focused group interviews and post-it notes sessions, ​ while method designers and customers evaluate the final reports:
       - June 14, 2013 Focus Groups and Post-it notes sessions with participants,​ at Dauphine University, Paris, France       - June 14, 2013 Focus Groups and Post-it notes sessions with participants,​ at Dauphine University, Paris, France
       - June 30- July 15, 2013 Reports assessment by method designers and customers       - June 30- July 15, 2013 Reports assessment by method designers and customers
Line 43: Line 45:
 Five methods will be evaluated and compared during eRISE 2013: Five methods will be evaluated and compared during eRISE 2013:
  
-  * **CORAS** is a model-driven method for risk analysis proposed by SINTEF, Norway. Materials: ​ {{:​research_activities:​erise:​erise_2012:​tutorials:​coras-intro.pdf|book chapter}}, {{:​research_activities:​erise:​erise_2012:tutorials:​ERISE2013-CORAS.pdf|tutorial}}. +  * **CORAS** is a model-driven method for risk analysis proposed by SINTEF, Norway. Materials: ​ {{:​research_activities:​erise:​erise_2012:​tutorials:​coras-intro.pdf|book chapter}}, {{:​research_activities:​erise:​erise_2013:mst-erise2013-coras.pdf|tutorial}}, {{:​research_activities:​erise:​erise_2013:​coras-examplediagrams.zip|example}}.
   * **LINDDUN** is a methodology to elicit the privacy requirements of software-intensive systems and select privacy enhancing technologies designed by Distrinet Research Group at Katholieke Universiteit Leuven, Belgium. Materials: {{:​research_activities:​erise:​erise_2013:​linddun.pdf|paper}},​ {{:​research_activities:​erise:​erise_2013:​linndun_casestudy.pdf|case study}}, {{:​research_activities:​erise:​erise_2013:​erise_linddun_tutorial_2013.pdf|tutorial}},​ [[https://​people.cs.kuleuven.be/​~kim.wuyts/​ERISE/​|additional materials]].   * **LINDDUN** is a methodology to elicit the privacy requirements of software-intensive systems and select privacy enhancing technologies designed by Distrinet Research Group at Katholieke Universiteit Leuven, Belgium. Materials: {{:​research_activities:​erise:​erise_2013:​linddun.pdf|paper}},​ {{:​research_activities:​erise:​erise_2013:​linndun_casestudy.pdf|case study}}, {{:​research_activities:​erise:​erise_2013:​erise_linddun_tutorial_2013.pdf|tutorial}},​ [[https://​people.cs.kuleuven.be/​~kim.wuyts/​ERISE/​|additional materials]].
   * **MPRA** is a multilateral privacy requirements analysis methodology proposed by Katholieke Universiteit Leuven, Belgium. Materials: {{:​research_activities:​erise:​erise_2013:​erise2013-mpra-overview.pdf|paper}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-mpra-pres.pdf|tutorial}}.   * **MPRA** is a multilateral privacy requirements analysis methodology proposed by Katholieke Universiteit Leuven, Belgium. Materials: {{:​research_activities:​erise:​erise_2013:​erise2013-mpra-overview.pdf|paper}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-mpra-pres.pdf|tutorial}}.
-  * **SREP** is an asset-based and risk-driven method developed at University of Castilla-La Mancha, Spain for the establishment of security requirements in the development of secure Information Systems. Materials: {{:​research_activities:​erise:​erise_2012:​tutorials:​srep-paper-2006-mellado.pdf|paper}},​ {{:​research_activities:​erise:​erise_2012:​tutorials:​srep-paper-2007-mellado.pdf|case study}}. +  * **SREP** is an asset-based and risk-driven method developed at University of Castilla-La Mancha, Spain for the establishment of security requirements in the development of secure Information Systems. Materials: {{:​research_activities:​erise:​erise_2012:​tutorials:​srep-paper-2006-mellado.pdf|paper}},​ {{:​research_activities:​erise:​erise_2012:​tutorials:​srep-paper-2007-mellado.pdf|case study}},​{{:​research_activities:​erise:​erise_2013:​srep-david.pdf|tutorial}}.
 ==== Industrial Case Studies ​ ==== ==== Industrial Case Studies ​ ====
 In eRISE 2013 two industrial application scenarios from Smart Grid domain will be proposed to the participant for analysis. In eRISE 2013 two industrial application scenarios from Smart Grid domain will be proposed to the participant for analysis.
Line 55: Line 55:
 The Electricity Transmission Network scenario has been proposed by National Grid, London, UK. This case study focuses on the electricity transmission network and service that National Grid plc provides in the United Kingdom. This scenario is focused on managing and balancing the Electricity Transmission Network. The Electricity Transmission Network scenario has been proposed by National Grid, London, UK. This case study focuses on the electricity transmission network and service that National Grid plc provides in the United Kingdom. This scenario is focused on managing and balancing the Electricity Transmission Network.
  
-The materials about this scenario are available here: {{:​research_activities:​erise:​erise_2013:​erise2013-etn-description.docx|scenario description}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-etn-pres.ppt|presentation}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-etn-threat-analysis.ppt|threat analysis}}, [[http://​www.seconomicsproject.eu/​content/​case-b-uk-national-power-grid|additional materials]].+The materials about this scenario are available here: {{:​research_activities:​erise:​erise_2013:​erise2013-etn-description.pdf|scenario description}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-etn-pres.ppt|presentation}},​ {{:​research_activities:​erise:​erise_2013:​erise2013-etn-threat-analysis.ppt|threat analysis}}, [[http://​www.seconomicsproject.eu/​content/​case-b-uk-national-power-grid|additional materials]].
  
 == Smart Metering Scenario == == Smart Metering Scenario ==
Line 80: Line 80:
   * LINDDUN - **Kim Wuyts** - [[kim.wuyts@cs.kuleuven.be]]   * LINDDUN - **Kim Wuyts** - [[kim.wuyts@cs.kuleuven.be]]
   * MPRA - **Seda Guerses** - [[sguerses@esat.kuleuven.be]]   * MPRA - **Seda Guerses** - [[sguerses@esat.kuleuven.be]]
-  * SREP - **David Garcia Rosado** - [[David.GRosado@uclm.es]]+  * SREP - **Daniel Mellado** - [[damefe@esdebian.org]]
  
 For questions about the case study send an email to: For questions about the case study send an email to:
erise_2013.1368603386.txt.gz · Last modified: 2021/01/29 10:58 (external edit)