Author :
Sanders, William H.
Author_Institution :
Electr. & Comput. Eng. & Comput. Sci. Dept., Univ. of Illinois at Urbana-Champaign, Urbana, IL, USA
Abstract :
Summary form only given. Making sound security decisions when designing, operating, and maintaining a complex system is a challenging task. Analysts need to be able to understand and predict how different factors affect the overall system security. During system design, security analysts want to compare the security of multiple proposed system architectures. After a system is deployed, analysts want to determine where security enhancement should be focused by examining how the system is most likely to be successfully penetrated. And when several security enhancement options are being considered, analysts would like to evaluate the relative merits of each. In each of these scenarios, quantitative security metrics could provide insight on system security and aid security decisions. Quantitative metrics enable ranking the alternatives to determine the best option. Quantitative assessments of system security are also valuable for risk management trade-o ff decisions. To provide insight on system security and aid decision-makers, we propose the ADversary View Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a system´s security. Our approach is to create an executable state-based security model of a system. The security model is initialized with information characterizing the system and the adversaries attacking the system. The model then simulates the attack behavior of the adversaries to produce a quantitative assessment of system security strength. This talk describes the system and adversary characterization data that are collected as input for the executable model. It also describes the simulation algorithms for adversary attack behavior and the computation for the probability that an attack attempt is successful. A simple case study illustrates how to analyze system security using the ADVISE method. A tool is currently under development to facilitate automatic model generation and simulation. The ADVISE method aggregates security-rele- ant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions.
Keywords :
decision making; risk management; security of data; software metrics; task analysis; adversary attack behavior; adversary view security evaluation; complex system; decision-maker; executable state-based security model; holistic system security decision; quantitative assessment; quantitative security metrics; risk management; security analyst; system architecture; system security;
Conference_Titel :
Modeling, Analysis & Simulation of Computer and Telecommunication Systems (MASCOTS), 2010 IEEE International Symposium on
Conference_Location :
Miami Beach, FL
Print_ISBN :
978-1-4244-8181-1
DOI :
10.1109/MASCOTS.2010.8
