Title :
Attack-potential-based survivability modeling for high-consequence systems
Author_Institution :
Center for High Assurance Comput. Syst., Naval Res. Lab., Washington, DC, USA
Abstract :
Previous quantitative models of security or survivability have been defined on a range of probable intruder behavior. This measures survivability as a statistic such as mean time to breach. This kind of purely stochastic quantification is not suitable for high-consequence systems. For high-consequence systems the quantified survivability should be based on the most competent intruders the system is likely to face. We show how to accomplish this with a contingency analysis based on variations in intruder attack-potential. The quantitative results are then organized and presented according to intruder attack potential. Examples of the technique are presented using stochastic process algebra. An interesting result for diverse replication is included in the examples.
Keywords :
fault tolerant computing; process algebra; safety-critical software; security of data; stochastic processes; attack-potential-based survivability modeling; contingency analysis; high-consequence systems; intruder attack-potential; intruder behavior; quantitative models; security; statistics; stochastic process algebra; stochastic quantification; survivability measures; system intruders; Algebra; Computer security; Data security; Information security; Laboratories; Resource management; Statistics; Stochastic processes; Stochastic systems; Time measurement;
Conference_Titel :
Information Assurance, 2005. Proceedings. Third IEEE International Workshop on
Print_ISBN :
0-7695-2317-X
DOI :
10.1109/IWIA.2005.4
