Publica
Hier finden Sie wissenschaftliche Publikationen aus den FraunhoferInstituten. A quantitative risk model for a uniform description of safety and security
:
Fulltext urn:nbn:de:0011n3624990 (852 KByte PDF) MD5 Fingerprint: 245a575e00cdadc522732f6b4263b2c6 Created on: 13.10.2015 
 Beyerer, Jürgen (Ed.); Meissner, Andreas (Ed.); Geisler, Jürgen (Ed.) ; FraunhoferInstitut für Optronik, Systemtechnik und Bildauswertung IOSB, Karlsruhe: 10th Future Security 2015. Security Research Conference. Proceedings : September 15 – 17, 2015, Berlin Stuttgart: Fraunhofer Verlag, 2015 ISBN: 9783839609088 ISBN: 3839609089 pp.317324 
 Security Research Conference "Future Security" <10, 2015, Berlin> 

 English 
 Conference Paper, Electronic Publication 
 Fraunhofer IOSB () 
 safety; security; risk; bayesian statistical decision theory; game theory; degree of belief; role model; vulnerability; flanks of vulnerability 
Abstract
A mathematical framework is presented that allows to describe quantitatively and in an integrative way the risk of safety and security constellations. Thereby, great importance is attached to a clear notation with a sound semantics. Based on a role model with the three roles »source of danger«, »subject of protection« and »protector«, risk is modelled quantitatively using statistical decision and game theory. Uncertainties are modelled based of probability distributions, whereupon probability is interpreted in a Bayesian context as a degree of belief DoB. The set D of sources of danger is endowed with a DoBdistribution describing the probability of occurrence. D is partitioned into subsets that describe dangers which are due to random causes, carelessness and intention. A set of flanks of vulnerability F is assigned to each subject of protection. These flanks characterize different aspects of vulnerability concerning mechanical, physiological, informational, economical, reputational, psychological, ... vulnerability. The flanks of vulnerability are endowed with conditional DoBs that describe to which degree an incidence or an attack will be harmful. Additionally, each flank of vulnerability is endowed with a cost function that quantifies the costs which are charged to the subject of protection, if it is affected by a harmful incidence or attack. With these ingredients the risk for the subject of protection can be quantified based on an ensemble functional with respect to all sources of danger and to all flanks of vulnerability. Depending of the respective subset of dangers such a functional is an expectation (case of random causes and carelessness) or a selection operation (case of intention), where in the latter case the attack will presumably take place at the weakest flank of vulnerability. The calculated risk can be opposed to the cost of protection measures that are offered by the protector in order to foster an effective and economical invest decision. From an attacker’s point of view a utility function is formulated which a rational attacker presumably would use to evaluate his costbenefit ratio in order to decide whether he attacks and which of his options he exercises. The challenges of the approach are the determination of the cost functions and especially the estimation of the probabilities (DoBs) of the model. The model can be used to simulate and evaluate the endangerment of subjects of protection quantitatively.