A novel approach for risk assessment optimization in big data platforms using SMT solvers

Abstract

Read online

Abstract Big Data platforms store vast amounts of information, necessitating robust security measures, including risk-based approaches. Risk assessment, a key part of Information Security Management Systems (ISMS), involves evaluating threats, vulnerabilities, and documenting risks through risk registers. Organizations face the challenge of allocating resources effectively to implement controls that mitigate these risks. This involves calculating risk scores before and after control implementation and prioritizing them—an NP-Complete (Nondeterministic Polynomial-time Complete) problem. This paper presents a mathematical model for solving this using the Z3 Satisfiability Modulo Theories (SMT) solver. The model enables risk-based planning for security implementation in big data platforms. The results demonstrate the feasibility of the approach, with the system processing up to 11 risks (almost 40 million permutations) efficiently, compared to brute force methods, which struggle beyond six risks (720 permutations).

Keywords

• Risk registers
• Risk management
• Z3
• SMT solvers
• Big data
• ISMS