Deliverable D4.1. Report on Background Risk Management/Assessment Systems Enhancement

The scope of the current deliverable is to elaborate on the modifications that are needed in order to realize the MITIGATE platform. The purpose of the platform is to offer sophisticated services regarding cyber risk assessment, threat mitigation and simulation. . The risk assessment functionality aims to quantify the risks that derive from the various cyber vulnerabilities associated with specific assets that participate in a supply chain service. While, the mitigation and simulation functionalities aim to define an optimal defensive strategy against several potential attacks. The generation of the optimal strategy can be, potentially, performed using multiple mathematical tools. In the frame of MITIGATE, a game-theoretic approach will be followed. According to this approach, the optimal defensive strategy will be calculated considering several offensive and defensive strategies that an attacker/defender can perform on a given set of assets within a supply chain service. The aforementioned functionalities will be implemented based on existing solutions and software artefacts produced in the context of several projects. These projects include mainly CYSM[4],MEDUSA[5], S-PORT[6], Secure-Tropos[7] and HyRiM[8].The changes that have to be performed can be divided in vertical and horizontal changes. Vertical changes refer to the alternation of the code-base per se in order to tackle specific features that are not sufficiently covered; while horizontal changes refer to general purpose functionalities such as authentication and authorization. Vertical changes include a) the way assets are modelled; b) the way the relationship among assets is captured; c) the way supply chain processes are modelled; d)the way risk calculations are performed; e) the way various simulations are executed. On top of that, the fact that MITIGATE aims to provide a holistic environment with seamless user experience raises additional changes at the source level of the various solutions. The current deliverable elaborates on these changes.