This paper presents the results of an experiment in security evaluation. The system is modeled as a privilege graph that exhibits its security vulnerabilities. Quantitative measures that estimate the effort an attacker might expend to exploit these vulnerabilities to defeat the system security objectives are proposed. A set of tools has been developed to compute such measures and has been used in an experiment to monitor a large real system for nearly two years. The experimental results are presented and the validity of the measures is discussed. Finally, the practical usefulness of such tools for operational security monitoring is shown and a comparison with other existing approaches is given.