The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this, we propose a framework for estimating the mean time-to-compromise (MTTC) of a target system for use as a comparative security metric. This MTTC is calculated through a three-step process. First, a topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM). Next, we employ a predator SSM, based on models used in the biological sciences to predict predatorial behavior, to build an attack path SSM which identifies the attack strategies with Markov chains. Finally, the attack path model and a state time estimation algorithm (STEA) are used to build the MTTC intervals for the system. These intervals can be quickly calculated for a broad range of systems and mitigating actions, allowing security architects and managers to intelligently compare systems and determine where resources should be focused to achieve the most effective cost/MTTC ratio.