Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Stochastic activity networks: formal definitions and concepts
Lectures on formal methods and performance analysis
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
IEEE Security and Privacy
Scenario graphs and attack graphs
Scenario graphs and attack graphs
Large-scale vulnerability analysis
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Estimating Software Vulnerabilities
IEEE Security and Privacy
Hi-index | 0.00 |
This article aims at proposing a new approach for the quantitative evaluation of information system security. Our approach focuses on system vulnerabilities caused by design and implementation errors and studies how system environment, considering such vulnerabilities, may endanger the system. The two main contributions of this paper are: 1) the identification of the environmental factors which influence the security system state; 2) the development a Stochastic Activity Network model taking into account the system and these environmental factors. Measures resulting from our modeling are aimed at helping the system designers in the assessment of vulnerability exploitation risks.