Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Information Assurance Measures and Metrics " State of Practice and Proposed Taxonomy
HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Analysis of Timing Requirements for Intrusion Detection System
DEPCOS-RELCOMEX '07 Proceedings of the 2nd International Conference on Dependability of Computer Systems
Evaluation of SOA Security Metrics Using Attack Graphs
DEPCOS-RELCOMEX '08 Proceedings of the 2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX
Attack graph based evaluation of network security
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
| Hi-index | 0.00 |
In the paper, a proposal of risk assessment for service oriented architecture (SOA) is given. The proposal is based on service availability metrics that is a probability that the service is available. Foundations for calculating this probability by simulation using attack graphs are given. The attack graph is a representation of actions that end in a state where an intruder achieved his/her goal. Resource consumption, in terms of host-processing time, bandwidth of physical connections utilisation are the new features of an atomic attack given in this paper. Taking into account, resources engaged during attacks have been divided into: resources charging attacks (performance attacks) and non-resources charging attacks (functional attacks). The attack graphs of the second type attacks are similar to the graph attacks presented in literature. The attack graphs of the first attack type are new. A model of intrusion detection system is also given.