=Paper= {{Paper |id=Vol-2010/paper14 |storemode=property |title=Systemic Risk Analysis Through SE Methods And Techniques |pdfUrl=https://ceur-ws.org/Vol-2010/paper14.pdf |volume=Vol-2010 |authors=Andrea Tundis,Alfredo Garro,Teresa Gallo,Domenico Saccá ,Simona Citrigno,Sabrina Graziano ,Max Mühlhäuser |dblpUrl=https://dblp.org/rec/conf/ciise/TundisGGSCGM17 }} ==Systemic Risk Analysis Through SE Methods And Techniques== https://ceur-ws.org/Vol-2010/paper14.pdf
Systemic Risk analysis through SE methods and techniques

Andrea Tundis, Max Mühlhäuser
Telecooperation Lab, Department of Computer Science
Technische Universität Darmstadt
Darmstadt, Germany
{tundis, max}@tk.tu-darmstadt.de

Teresa Gallo, Alfredo Garro, Domenico Saccá
Department of Informatics, Modeling, Electronics and Systems Engineering (DIMES), University of Calabria
Via Ponte P. Bucci 41C, Rende (CS), 87036 Italy
{t.gallo, a.garro, sacca}@dimes.unical.it

Simona Citrigno, Sabrina Graziano
Centro di Competenza ICT-SUD
Piazza Vermicelli, 87036 Rende (CS), Italy
{simona.citrigno, sabrina.graziano}@cc-ict-sud.it

Copyright © held by the author

Abstract—Systemic Risk is the risk that derives from the interdependence between the system under analysis and the services provided by other systems and, in general, from the interactions among them. The combination of the GOReM methodology and the RAMSoS method is proposed for Systemic Risk Assessment so as to provide the following benefits: (i) effective modeling of SoS structure and behavior; (ii) explicit representation of dysfunctional behavior; (iii) evaluation of different risk scenarios through agent-based simulation; (iv) quantitative and qualitative risk assessment, also in combination with classical analysis techniques (such as Bayesian Networks).

Keywords—Cybersecurity, Modeling and Simulation, Requirement Engineering, Systemic Risk Analysis

I. IDEA AND PROPOSAL
- Identify the main phases of the Systemic Risk (SR)
- Propose a Modelling and Simulation based approach
- Define a step-by-step methodology (not a software tool)
- Perform Static and Dynamic Systemic Risk Analysis

II. SYSTEMIC RISK ANALYSIS PHASES
The proposed process to support the analysis of the systemic risk can be organized in three macro-phases (see Figure 1): System Analysis, System Design, and Simulation Modeling and Results Assessment.

Fig. 1. Systemic Risk Analysis Phases

A. System Analysis
System requirements and other aspects of interest are identified and described. The involved entities (such as stakeholders, service providers and so on) are identified along with their roles and related objectives. Goals to be achieved and their dependencies are highlighted. The rules and regulations that govern the context under analysis are identified.

B. System Design
The target of the analysis as well as the boundaries of the design, i.e. what needs to be represented and what can or should be neglected/omitted, are defined. Specific use cases are redefined in terms of scenarios of interest. Application scenarios are introduced to specify the functionalities that should be provided in each business scenario. A description of the system is delivered from different points of view, such as structural, functional, and so on.

C. Simulation Modeling & Results Evaluation
At this point, a subset of the models generated in the System Design macro-phase is selected and processed. According to the simulation platform, different Model-to-Model transformation rules are defined. Great attention is placed on the indices/objectives identified during the System Analysis. From these indices and the objectives to be pursued, the simulation platform, which is able to support the desired analysis, is selected. Based on the objectives to be verified, it is possible to choose the simulation environment that better fits the type of analysis to be carried out.
III. DERIVING BAYESIAN NETWORKS MODELS FOR SUPPORTING SYSTEMIC RISK ANALYSIS

A. A combined approach for modeling and assessing the Systemic Risk
How and which entities of the overall system influence the operation of the entire system and the evaluation of the Systemic Risk.

Modeling and evaluating Systemic Risk by exploiting (agent-based) simulation + Bayesian Network

B. RAMSoS and GOReM: Enabling Factors
- Common modeling notation: SysML/UML.
- Both RAMSoS and GOReM are defined in terms of phases and work-products.
- GOReM is defined as a method to support the analysis of system requirements with particular emphasis on their elicitation and tracking, while RAMSoS is meant to be used mostly for supporting the validation and verification phases. Together they cover the entire Systemic Risk Analysis Phases.
- Reuse of models.

Figure 2 shows the integration approach based on Work-Products.

Fig. 2. Combining GOReM and the RAMSoS method

IV. RISK ANALYSIS APPLIED TO A SERVICE OF ELECTRONIC ONLINE PAYMENT OF POSTE ITALIANE
The risk of success or failure of the PEO service relies on two complementary services:
- SMS Notifications service (Mobile Service Provider)
- Payments and Transactions service (Web Service Provider, Energy Provider, IT infrastructure)

1. A statistics-based approach using a tool for static analysis is applied: GeNIe (Graphical Network Interface), a development environment for the creation of decision models based on Bayesian Networks (BN).
2. An agent-based approach using a dynamic tool is adopted: ReActor, an object-oriented framework based on discrete-event simulation.

For each actor the following risk ranges (or QoS) have been identified:
- SMS Notification: Good, Low;
- Payments and Transactions: LowRisk, HighRisk;
- IT Internal Infrastructure: Good, Standard, Poor;
- WebServiceProvider: High, Medium, Low;
- Energy Provider: High, Standard;
- MobileServiceProvider: HighLevelOfService, StandardLevelOfService;

Once the model and the relationships among actors and their goals are well described and defined, it is possible to use simulation to provide an assessment of what can happen in an application scenario according to specific inputs to the system. Figure 3 shows Architectural Modeling for risk analysis applied to a service of Electronic Online Payment of Poste Italiane.

Fig. 3. RAMSoS – System Design

Figure 4 and Figure 5 represent, respectively, examples of GOReM Application and Behavioural Model.
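
An added example, not code from the paper or from GeNIe: the static analysis step expressed as a small Bayesian network over the actors and risk ranges listed for the PEO service, evaluated by enumeration in Python. Node names, states and dependencies follow the page; every probability, the noisy-OR combination for Payments and Transactions, and the success/failure outcome of the PEO node are assumptions, so the output does not reproduce the paper's figures.

```python
import math
from itertools import product

# State names are the page's risk ranges; every probability here is constructed.
PRIORS = {
    "MobileServiceProvider": {"HighLevelOfService": 0.9, "StandardLevelOfService": 0.1},
    "WebServiceProvider": {"High": 0.7, "Medium": 0.2, "Low": 0.1},
    "EnergyProvider": {"High": 0.8, "Standard": 0.2},
    "ITInternalInfrastructure": {"Good": 0.6, "Standard": 0.3, "Poor": 0.1},
}
# Assumed chance that a provider in a given state degrades the service it feeds.
DEGRADE = {
    "MobileServiceProvider": {"HighLevelOfService": 0.01, "StandardLevelOfService": 0.10},
    "WebServiceProvider": {"High": 0.01, "Medium": 0.05, "Low": 0.30},
    "EnergyProvider": {"High": 0.005, "Standard": 0.02},
    "ITInternalInfrastructure": {"Good": 0.01, "Standard": 0.05, "Poor": 0.40},
}
# Assumed P(PEO success | SMS Notification state, Payments and Transactions state).
PEO_SUCCESS = {("Good", "LowRisk"): 0.999, ("Low", "LowRisk"): 0.90,
               ("Good", "HighRisk"): 0.30, ("Low", "HighRisk"): 0.05}
PAYMENT_PARENTS = ("WebServiceProvider", "EnergyProvider", "ITInternalInfrastructure")

def success_given_providers(states):
    """P(PEO success | one state per provider), summing out the two services."""
    sms_low = DEGRADE["MobileServiceProvider"][states["MobileServiceProvider"]]
    # Noisy-OR (assumption): payments stay LowRisk only if no parent degrades them.
    low_risk = math.prod(1 - DEGRADE[p][states[p]] for p in PAYMENT_PARENTS)
    p_sms = {"Good": 1 - sms_low, "Low": sms_low}
    p_pay = {"LowRisk": low_risk, "HighRisk": 1 - low_risk}
    return sum(p_sms[s] * p_pay[r] * p for (s, r), p in PEO_SUCCESS.items())

def joint(evidence=None):
    """Yield (provider states, prior weight) for assignments matching the evidence."""
    for combo in product(*(PRIORS[name].items() for name in PRIORS)):
        states = dict(zip(PRIORS, (state for state, _ in combo)))
        if all(states[k] == v for k, v in (evidence or {}).items()):
            yield states, math.prod(p for _, p in combo)

def peo_success(evidence=None):
    """P(PEO success | observed provider states)."""
    rows = list(joint(evidence))
    return sum(w * success_given_providers(s) for s, w in rows) / sum(w for _, w in rows)

def blame(provider, state):
    """P(provider is in `state` | PEO failed): how strongly a failure points at it."""
    failed_with_state = sum(w * (1 - success_given_providers(s))
                            for s, w in joint({provider: state}))
    return failed_with_state / (1 - peo_success())
```

Calling peo_success with every provider fixed to its best state gives the forward ("what if") query, while blame answers the diagnostic question of which entity most influences a failure of the whole system.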
Fig. 4. GOReM - Application Modeling

Fig. 5. GOReM - Behavioural Model

A. PEO Service Result Analysis
Considering a combination of services based on high level quality percentage, the probability of PEO success is 99%, which means a LowRisk.

Fig. 6. Exploitation of Bayesian Network

Figure 7 and Figure 8 show further quantitative and qualitative information gathered by exploiting agent-based simulation, such as:
(i) the availability (working) or unavailability (not working) of a service;
(ii) the time when the failure of a service happened (timestamps);
(iii) the cause of the failure, whether it is due to internal or external factors.

This makes it possible to assess the main system (PEO Service) and its interdependencies with the involved services, by considering fault and failure events and their propagation in the network, from a dynamic point of view that includes temporal constraints.

Fig. 7. Simulation Results related to the PEO Service

Fig. 8. Simulation Implementation related to the PEO Service
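
An added example, not the paper's ReActor model: a minimal discrete-event simulation in Python that produces the three kinds of record named for the agent-based analysis (working or not working, timestamp, internal or external cause) as a fault propagates through the PEO dependencies. The fault schedule, the propagation delay DELAY and the function names are constructed for illustration.

```python
import heapq
from itertools import count

# Dependencies as described on the page: PEO relies on two complementary services.
DEPENDS_ON = {
    "PEO": ["SMS Notification", "Payments and Transactions"],
    "SMS Notification": ["MobileServiceProvider"],
    "Payments and Transactions": ["WebServiceProvider", "EnergyProvider",
                                  "ITInternalInfrastructure"],
}
DELAY = 2  # constructed: time units before a dependent notices a status change
# Constructed schedule of internal events: (time, entity, "fail" | "repair").
FAULTS = [(5, "EnergyProvider", "fail"), (9, "EnergyProvider", "repair"),
          (12, "PEO", "fail"), (13, "PEO", "repair")]

def simulate(faults):
    """Replay fault/repair events; return (time, entity, status, cause) records."""
    tick = count()  # tie-breaker: simultaneous events run in insertion order
    queue = [(t, next(tick), entity, kind) for t, entity, kind in faults]
    heapq.heapify(queue)
    faulty, cause_of, log = set(), {}, []  # cause_of: entity -> cause, None if working
    while queue:
        t, _, entity, kind = heapq.heappop(queue)
        if kind == "fail":
            faulty.add(entity)
        elif kind == "repair":
            faulty.discard(entity)
        blocked = any(cause_of.get(dep) for dep in DEPENDS_ON.get(entity, ()))
        cause = "internal" if entity in faulty else "external" if blocked else None
        if cause == cause_of.get(entity):
            continue  # a "check" that found nothing new
        cause_of[entity] = cause
        log.append((t, entity, "not working" if cause else "working", cause))
        for service, deps in DEPENDS_ON.items():
            if entity in deps:  # dependents re-evaluate themselves after DELAY
                heapq.heappush(queue, (t + DELAY, next(tick), service, "check"))
    return log

def downtime(log, entity, horizon):
    """Total time `entity` was not working between 0 and `horizon`."""
    total, since = 0, None
    for t, name, status, _ in log:
        if name != entity:
            continue
        if status == "working":
            total, since = total + (t - since), None
        elif since is None:
            since = t
    return total if since is None else total + (horizon - since)
```

In the constructed schedule the energy fault reaches PEO four time units later as an external cause, and the later PEO fault is recorded as internal, which is the distinction item (iii) draws.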