DocumentCode
643177
Title
Security metrics for risk assessment of distributed information systems
Author
Kotenko, Igor ; Doynikova, Elena
Author_Institution
St. Petersburg Inst. for Inf. & Autom., St. Petersburg, Russia
Volume
02
fYear
2013
fDate
12-14 Sept. 2013
Firstpage
646
Lastpage
650
Abstract
The paper considers the main issues and recommendations for using the risk assessment techniques based on the analysis of static, dynamic and historical security information. The system of security metrics and techniques for their calculation are suggested. Proposed techniques are based on attack graphs and service dependencies. They allow evaluating security of network topologies, malefactors and attack characteristics, and integral security properties and characteristics calculated on the basis of the cost-benefit and zero-day vulnerability analysis. The approach is intended to be implemented in the framework of the FP7 EU MASSIF project.
Keywords
computer network security; cost-benefit analysis; graph theory; information systems; risk management; telecommunication network topology; FP7 EU MASSIF project; attack characteristics; attack graphs; cost-benefit analysis; distributed information systems; dynamic security information analysis; historical security information analysis; integral security characteristics; integral security properties; malefactor characteristics; network topology security evaluation; risk assessment techniques; security metrics system; service dependencies; static security information analysis; zero-day vulnerability analysis; Computational modeling; Conferences; Generators; Measurement; Risk management; Security; Topology; attack graphs; cyber security; risk assessment; security metrics; service dependencies;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2013 IEEE 7th International Conference on
Conference_Location
Berlin
Print_ISBN
978-1-4799-1426-5
Type
conf
DOI
10.1109/IDAACS.2013.6663004
Filename
6663004
Link To Document