We present a simple risk-analysis based method for studying the security of institutions against rational (gain-oriented) attacks. Our method uses a certain refined form of attack trees to estimate the cost and the success probability of attacks. We use elementary game theory to decide whether the system under protection is a realistic target for gain-oriented attackers. Attacks are considered unlikely if their benefits to the attackers are not worth their cost. We also show how to decide whether investments in security are economically justified. We outline the new method and show how it can be used in practice by going through a realistic example.