• DocumentCode
    187405
  • Title

    Evaluation of Risk for Complex Systems Using Attack Surface

  • Author

    Krautsevich, Leanid ; Martinelli, F. ; Yautsiukhin, Artsiom

  • Author_Institution
    Inst. of Inf. & Telematics, Pisa, Italy
  • fYear
    2014
  • fDate
    3-6 Nov. 2014
  • Firstpage
    275
  • Lastpage
    280
  • Abstract
    Many approaches for security assessment have recently been proposed. In particular, attack graphs and attack surface have gained a lot of attention. Nevertheless, these approaches suffer from several drawbacks. For example, an attack graph operates only with known vulnerabilities, and it is unclear how the attack surface (metric) contributes to the risk picture for a complex system. We introduce a novel formal approach for modelling cyber attacks and evaluating the security of complex systems. Our formalisation unites the attack surface and attack graph approaches and establishes an explicit link between these approaches and security risk assessment. In this way we are able to exploit the advantages of these three security evaluation approaches in a common framework, overcoming many shortcomings of using these approaches separately.
  • Keywords
    computer crime; program verification; software reliability; attack graphs; attack surface; complex systems security evaluation; cyber attacks modelling; formal approach; risk evaluation; security risk assessment; Analytical models; Equations; Measurement; Nickel; Risk management; Security; Software; Attack Graph; Attack Surface; Complex Systems; Risk;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
  • Conference_Location
    Naples
  • Type

    conf

  • DOI
    10.1109/ISSREW.2014.19
  • Filename
    6983852