Title :
Value Driven Security Threat Modeling Based on Attack Path Analysis
Author :
Chen, Yue ; Boehm, Barry ; Sheppard, Luke
Author_Institution :
Center for Software Eng., Univ. of Southern California, Los Angeles, CA
Abstract :
This paper presents a quantitative threat modeling method, the threat modeling method based on attack path analysis (T-MAP), which quantifies security threats by calculating the total severity weights of relevant attack paths for commercial off the shelf (COTS) systems. Compared to existing approaches, T-MAP is sensitive to an organization´s business value priorities and IT environment. It distills the technical details of thousands of relevant software vulnerabilities into management-friendly numbers at a high-level. T-MAP can help system designers evaluate the security performance of COTS systems and analyze the effectiveness of security practices. In the case study, we demonstrate the steps of using T-MAP to analyze the cost-effectiveness of how system patching and upgrades can improve security. In addition, we introduce a software tool that automates the T-MAP
Keywords :
security of data; software packages; software tools; COTS; attack path analysis; commercial off the shelf systems; quantitative threat modeling method; software tool; value driven security threat modeling; Business; Computer security; Data security; Environmental economics; Information analysis; Information security; Investments; Performance analysis; Risk analysis; Solid modeling;
Conference_Titel :
System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on
Conference_Location :
Waikoloa, HI
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2007.601
