Systems and software architects require quantitative dependability evaluations, which allow them to compare the effect of their design decisions on dependability properties. For security, however, quantitative evaluations have proven difficult, especially for component-based systems. In this paper, we present a risk-based approach that creates modular attack trees for each component in the system. These modular attack trees are specified as parametric constraints, which allow quantifying the probability of security breaches that occur due to internal component vulnerabilities as well as vulnerabilities in the component's deployment environment. In the second case, attack probabilities are passed between system components as appropriate to model attacks that exploit vulnerabilities in multiple system components. The probability of a successful attack is determined with respect to a set of attack profiles that are chosen to represent potential attackers and corresponding environmental conditions. Based on these attack probabilities and the structure of the modular attack trees, risk measures can be estimated for the complete system and compared with the tolerable risk demanded by stakeholders. The practicability of this approach is demonstrated with an example that evaluates the confidentiality of a distributed document management system.