RORI website

3D-RORI

      

DRMRS

      

StRORI

      

Resources

      

More Information

RORI is a cost-sensitive metric that can be used in automated tools for the selection of security countermeasures against cyber attacks. It combines both stateteless and stateful evaluation of events, as well as a multidimensional geometrical model, in order to guide attack graph-based tools to rank and select security countermeasures against complex cyber attacks. It may also be used for evaluating the impact of such attacks and the selected countermeasures on a given system.

Source Code & Publications

  1.     Public git mirrored repositories
     
  2. A. Motzek, G. Gonzalez-Granadillo, H. Debar, J. Garcia-Alfaro, R. Moeller. "Selection of Pareto-efficient Response Plans based on Financial and Operational Assessments", EURASIP Journal on Information Security, 2017(12)
    Paper ref.
  3. G. Gonzalez-Granadillo, S. Dubus, A. Motzek, E. Alvarez, M. Merialdo, S. Papillon, H. Debar, J. Garcia-Alfaro. "Dynamic Risk Management Response System to handle cyber threats", Future Generation Computer Systems, 2017(6)  
    Paper Ref.
  4. G. Gonzalez-Granadillo, J. Garcia-Alfaro, H. Debar. "A Polytope-based approach to measure the impact of events against critical infrastructures", Journal of Computer and System Sciences, 83(1):3-21, February 2017.  
    Paper Ref.
  5. G. Gonzalez-Granadillo, E. Alvarez, A. Motzek, M. Merialdo, J. Garcia-Alfaro, H. Debar. "Towards an Automated and Dynamic Risk Management Response System", 21st Nordic Conference on Secure IT Systems (NordSec 2016), Springer, LNCS, Oulu, Finland, November 2016.
    Paper ref.
  6. G. Gonzalez-Granadillo, J. Garcia-Alfaro, H. Debar. "An n-sided polygonal model to calculate the impact of cyber security events", 11th International Conference on Risks and Security of Internet and Systems, (CRiSIS 2016), Roscoff, France, September 2016.
    Paper ref.
  7. G. Gonzalez-Granadillo, J. Rubio Hernandez, J. Garcia-Alfaro, H. Debar. "Considering internal vulnerabilities and the attacker's knowledge to model the impact of cyber events as geometrical prisms", The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2016), Tianjin, China, August, 2016.
    Paper Ref.
  8. G. Gonzalez-Granadillo, A. Motzek, J. Garcia-Alfaro, H. Debar. "Selection of Mitigation Actions Based on Financial and Operational Impact Assessments", 11th International Conference on Availability, Reliability and Security (ARES 2016), Salzburg, Austria, August 2016.
    Paper Ref.
  9. G. Gonzalez-Granadillo, J. Garcia-Alfaro, E. Alvarez, M. El-Barbori, H. Debar, "Selecting optimal countermeasures for attacks against critical systems using the Attack Volume model and the RORI index", Computers and Electrical Engineering, 47(2015):13-34, October 2015.  
    Paper Ref.
  10. G. Gonzalez-Granadillo, J. Garcia-Alfaro, H. Debar. "Using a 3D geometrical model to improve accuracy in the evaluation and selection of countermeasures against complex cyber attacks". 11th EAI International Conference on Security and Privacy in Communication Networks (Securecomm 2015), Dallas, USA, October 26-29, 2015.
    Paper Ref.
  11. G. Gonzalez-Granadillo, J. Garcia-Alfaro, H. Debar, C. Ponchel, L. Rodriguez-Martin. "Considering technical and financial impact in the selection of security countermeasures against Advanced Persistent Threats". 7th IFIP International Conference on New Technologies, Mobility and Security (NTMS 2015), Paris, France, 27-29 July 2015.
    Paper Ref.
  12. G. Gonzalez-Granadillo, H. Debar. "Selection of Countermeasures against Cyber Attacks", International Patent Register no. WO2016075115 A1, November, 2014.  
    Patent Ref.