Title :
Evaluation of Risk for Complex Systems Using Attack Surface
Author :
Krautsevich, Leanid ; Martinelli, F. ; Yautsiukhin, Artsiom
Author_Institution :
Inst. of Inf. & Telematics, Pisa, Italy
Abstract :
Many approaches for security assessment were recently proposed. In particular, attack graphs and attack surface gained a lot of attention. Nevertheless, these approaches suffer from several drawbacks. For example, attack graph operates only with known vulnerabilities and it is unclear how attack surface (metric) contributes to the risk picture for a complex system. We introduce a novel formal approach for modelling cyber attacks and evaluating of security of complex systems. Our formalisation unites attack surface and attack graph approaches and establishes an explicit link between these approaches and security risk assessment. In this way we are able to exploit the advantages of these three security evaluation approaches in a common framework overcoming many shortcomings of using these approaches separately.
Keywords :
computer crime; program verification; software reliability; attack graphs; attack surface; complex systems security evaluation; cyber attacks modelling; formal approach; risk evaluation; security risk assessment; Analytical models; Equations; Measurement; Nickel; Risk management; Security; Software; Attack Graph; Attack Surface; Complex Systems; Risk;
Conference_Titel :
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
Conference_Location :
Naples
DOI :
10.1109/ISSREW.2014.19
