Users' conceptions of risks and harms on the web: a comparative study
CHI '02 Extended Abstracts on Human Factors in Computing Systems
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analyses of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Stopping spyware at the gate: a user study of privacy, notice and spyware
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Optimal security hardening using multi-objective optimization on attack tree models of networks
Proceedings of the 14th ACM conference on Computer and communications security
Measuring Network Security Using Bayesian Network-Based Attack Graphs
COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
Studying users' computer security behavior: A health belief perspective
Decision Support Systems
Folk models of home computer security
Proceedings of the Sixth Symposium on Usable Privacy and Security
Validating and restoring defense in depth using attack graphs
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Dynamic Security Risk Management Using Bayesian Attack Graphs
IEEE Transactions on Dependable and Secure Computing
The adoption of computer security: an analysis of home personal computer user behavior using the health belief model
Using attack trees to identify malicious attacks from authorized insiders
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Home computer users present unique challenges to computer security. A user's actions frequently affect security without the user understanding how. Moreover, whereas some home users are quite adept at protecting their machines from security threats, a vast majority are not. Current generation security tools, unfortunately, do not tailor security to the home user's needs and actions. In this work, we propose Personalized Attack Graphs (PAG) as a formal technique to model the security risks for the home computer informed by a profile of the user attributes such as preferences, threat perceptions and activities. A PAG also models the interplay between user activities and preferences, attacker strategies, and system activities within the system risk model. We develop a formal model of a user profile to personalize a single, monolithic PAG to different users, and show how to use the user profile to predict user actions.