Models and tools for quantitative assessment of operational security
Information systems security
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Privilege Graph: an Extension to the Typed Access Matrix Model
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Scenario graphs and attack graphs
Scenario graphs and attack graphs
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
Tools for performance evaluation of computer systems: historical evolution and perspectives
PERFORM'10 Proceedings of the 2010 IFIP WG 6.3/7.3 international conference on Performance Evaluation of Computer and Communication Systems: milestones and future challenges
Quantitative security evaluation of a multi-biometric authentication system
SAFECOMP'12 Proceedings of the 2012 international conference on Computer Safety, Reliability, and Security
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Hi-index | 0.00 |
To provide insight on system security and aid decision-makers, we propose the ADversary VIew Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a system's security. Our approach is to create an executable state-based security model of a system. The security model is initialized with information characterizing the system and the adversaries attacking the system. The model then simulates the attack behavior of the adversaries to produce a quantitative assessment of system security strength. This paper describes the system and adversary characterization data that are collected as input for the executable model. This paper also describes the simulation algorithms for adversary attack behavior and the computation for the probability that an attack attempt is successful. A simple case study illustrates how to analyze system security using the ADVISE method. A tool is currently under development to facilitate automatic model generation and simulation. The ADVISE method aggregates security-relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions.