DocumentCode
265649
Title
Evolving Secure Information Systems through Attack Simulation
Author
Kiesling, Elmar ; Ekelhart, Andreas ; Grill, Bernhard ; Stummer, Christian ; Strauss, Christine
Author_Institution
Vienna Univ. of Technol., Vienna, Austria
fYear
2014
fDate
6-9 Jan. 2014
Firstpage
4868
Lastpage
4877
Abstract
In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization. Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example.
Keywords
evolutionary computation; security of data; attack simulation; behavioral perspective; complex information system security; conceptual security knowledge modeling; evolutionary optimization; multiple risk; secure information system; social perspective; threat agent; Abstracts; Availability; Context; Educational institutions; Information systems; Optimization; Security;
fLanguage
English
Publisher
ieee
Conference_Titel
System Sciences (HICSS), 2014 47th Hawaii International Conference on
Conference_Location
Waikoloa, HI
Type
conf
DOI
10.1109/HICSS.2014.597
Filename
6759200