{"ID":2873013,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2509.07649","arxiv_id":"2509.07649","title":"Leveraging Digital Twin-as-a-Service Towards Continuous and Automated Cybersecurity Certification","abstract":"Traditional risk assessments rely on manual audits and system scans, often causing operational disruptions and leaving security gaps. To address these challenges, this work presents Security Digital Twin-as-a-Service (SDT-aaS), a novel approach that leverages Digital Twin (DT) technology for automated, non-intrusive security compliance. SDT-aaS enables real-time security assessments by mirroring real-world assets, collecting compliance artifacts, and creating machine-readable evidence. The proposed work is a scalable and interoperable solution that supports open standards like CycloneDX and Web of Things (WoT), facilitating seamless integration and efficient compliance management. Empirical results from a moderate-scale infrastructure use case demonstrate its feasibility and performance, paving the way for efficient, on-demand cybersecurity governance with minimal operational impact.","short_abstract":"Traditional risk assessments rely on manual audits and system scans, often causing operational disruptions and leaving security gaps. To address these challenges, this work presents Security Digital Twin-as-a-Service (SDT-aaS), a novel approach that leverages Digital Twin (DT) technology for automated, non-intrusive se...","url_abs":"https://arxiv.org/abs/2509.07649","url_pdf":"https://arxiv.org/pdf/2509.07649v1","authors":"[\"Ioannis Koufos\",\"Abdul Rehman Qureshi\",\"Adrian Asensio\",\"Allen Abishek\",\"Efstathios Zaragkas\",\"Ricard Vilalta\",\"Maria Souvalioti\",\"George Xilouris\",\"Michael-Alexandros Kourtis\"]","published":"2025-09-09T12:15:46Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.PF\"]","methods":"[]","has_code":false}