CRAC: Confidentiality risk assessment and IT-infrastructure comparison

Abstract

CRAC is an IT-infrastructure-based method for assessing and comparing confidentiality risks of distributed IT systems. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets), and the paths that may be followed by different attackers (e.g. insider and outsider). We evaluate its effectiveness by applying it to a real-world outsourcing case.

Publication
In Proceedings of the 6th International Conference on Network and Service Management
Emmanuele Zambon
Assistant Professor

My research interests include Industrial Control System security and network intrusion detection.