In this paper we present a qualitative approach for the selection of security countermeasures able to protect an IT system from attacks. For this purpose, we model security scenarios using defense trees (an extension of attack trees) and model preferences over countermeasures using Conditional Preference networks (CP-nets for short). In particular, we introduce two different methods for the composition of preferences: the and-composition and the or-composition. The first is used to determine a preference order in the selection of countermeasures able to mitigate the risks produced by conjunct attacks. The second is used to determine a preference order over sets of countermeasures able to mitigate the risks produced by alternative attacks.