Environment Characterization and System Modeling Approach for the Quantitative Evaluation of Security

Authors:
Geraldine Vache
Affiliations:
CNRS/ LAAS/ Université/ de Toulouse, Toulouse, France F-31077 and Université/ de Toulouse / UPS, INSA, INP / LAAS , Toulouse, France F-31077
Venue:
SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security
Year:
2009

Citing 8
Cited 0

Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security

IEEE Transactions on Software Engineering
Stochastic activity networks: formal definitions and concepts

Lectures on formal methods and performance analysis
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Inside the Slammer Worm

IEEE Security and Privacy
Scenario graphs and attack graphs

Scenario graphs and attack graphs
Large-scale vulnerability analysis

Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt
Estimating Software Vulnerabilities

IEEE Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

This article aims at proposing a new approach for the quantitative evaluation of information system security. Our approach focuses on system vulnerabilities caused by design and implementation errors and studies how system environment, considering such vulnerabilities, may endanger the system. The two main contributions of this paper are: 1) the identification of the environmental factors which influence the security system state; 2) the development a Stochastic Activity Network model taking into account the system and these environmental factors. Measures resulting from our modeling are aimed at helping the system designers in the assessment of vulnerability exploitation risks.