Title :
Security Modeling and Analysis
Author :
Bau, Jason ; Mitchell, John C.
Author_Institution :
Comput. Security Lab., Stanford Univ., Stanford, CA, USA
Abstract :
Security modeling centers on identifying system behavior, including any security defenses; the system adversary´s power; and the properties that constitute system security. Once a security model is clearly defined, security analysis evaluates whether the adversary, interacting with the system, can defeat the desired security properties. Although the authors illustrate security analysis using model checking, analysts can use various methods and tools to evaluate system security, including manual and automated theorem-proving tools that provide assurance about the absence of attacks in a specified threat model. This article describes a uniform approach for evaluating system security and illustrates the approach by summarizing three case studies. Security modeling and analysis also provides a basis for comparative evaluation and some forms of security metrics.
Keywords :
formal verification; security of data; model checking; security analysis; security defenses; security metrics; security modeling; system behavior; theorem-proving tools; Adaptation model; Analytical models; Computational modeling; Computer security; Electronic mail; Privacy; Protocols; Security; Security modeling; formal methods; model checking; security analysis;
Journal_Title :
Security & Privacy, IEEE
