Title :
Experimenting with quantitative evaluation tools for monitoring operational security
Author :
Ortalo, Rodolphe ; Deswarte, Yves ; Kaaniche, Mohamed
Author_Institution :
Lab. d´´Autom. et d´´Anal. des Syst., CNRS, Toulouse, France
Abstract :
This paper presents the results of an experiment in security evaluation. The system is modeled as a privilege graph that exhibits its security vulnerabilities. Quantitative measures that estimate the effort an attacker might expend to exploit these vulnerabilities to defeat the system security objectives are proposed. A set of tools has been developed to compute such measures and has been used in an experiment to monitor a large real system for nearly two years. The experimental results are presented and the validity of the measures is discussed. Finally, the practical usefulness of such tools for operational security monitoring is shown and a comparison with other existing approaches is given
Keywords :
graph theory; security of data; experiment; operational security monitoring; privilege graph; quantitative evaluation tools; Collaborative software; Collaborative work; Computer Society; Computer networks; Computer security; Computerized monitoring; Data security; Information security; Power system interconnection; Power system security;
Journal_Title :
Software Engineering, IEEE Transactions on
