ABSTRACT
To provide insight on system security and aid decision-makers, we propose the ADversary VIew Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a system's security. Our approach is to create an executable state-based security model of a system. The security model is initialized with information characterizing the system and the adversaries attacking the system. The model then simulates the attack behavior of the adversaries to produce a quantitative assessment of system security strength. This paper describes the system and adversary characterization data that are collected as input for the executable model. This paper also describes the simulation algorithms for adversary attack behavior and the computation for the probability that an attack attempt is successful. A simple case study illustrates how to analyze system security using the ADVISE method. A tool is currently under development to facilitate automatic model generation and simulation. The ADVISE method aggregates security-relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions.
- }}D. Buckshaw, G. Parnell, W. Unkenholz, D. Parks, J. Wallner, and O. S. Saydjari. Mission oriented risk and design analysis of critical information systems. Military Operations Research, 10(2):19--38, 2005.Google ScholarCross Ref
- }}M. Dacier and Y. Deswarte. Privilege graph: an extension to the typed access matrix model. In ESORICS '94: Proceedings of the Third European Symposium on Research in Computer Security, pages 319--334, London, UK, 1994. Springer-Verlag. Google ScholarDigital Library
- }}M. Dacier, Y. Deswarte, and M. Kaâniche. Models and tools for quantitative assessment of operational security. pages 177--186, 1996. Google ScholarDigital Library
- }}S. Evans and J. Wallner. Risk based security engineering through the eyes of the adversary. In Proceedings of the 2005 IEEE Workshop on Information Assurance. United States Military Academy, West Point, NY, June 2005.Google ScholarCross Ref
- }}R. Ortalo, Y. Deswarte, and M. Kaâniche. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Trans. Softw. Eng., 25(5):633--650, 1999. Google ScholarDigital Library
- }}O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing. Automated generation and analysis of attack graphs. In SP '02: Proceedings of the 2002 IEEE Symposium on Security and Privacy, page 273, Washington, DC, USA, 2002. IEEE Computer Society. Google ScholarDigital Library
- }}O. M. Sheyner. Scenario graphs and attack graphs. PhD thesis, Pittsburgh, PA, USA, 2004. Chair-Wing, Jeannette. Google ScholarDigital Library
- }}G. Stoneburner, A. Goguen, and A. Feringa. Risk Management Guide for Information Technology Systems (SP 800-30). National Institute of Standards and Technology, Gaithersburg, Maryland, July 2002.Google Scholar
- }}L. Wang, A. Singhal, and S. Jajodia. Toward measuring network security using attack graphs. In QoP '07: Proceedings of the 2007 ACM workshop on Quality of protection, pages 49--54, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- }}B. Whiteman. Network risk assessment tool (NRAT). IAnewsletter, 11(1):4--8, Spring 2008.Google Scholar
Index Terms
- Adversary-driven state-based system security evaluation
Recommendations
Model-based Security Metrics Using ADversary VIew Security Evaluation (ADVISE)
QEST '11: Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of SysTemsSystem architects need quantitative security metrics to make informed trade-off decisions involving system security. The security metrics need to provide insight on weak points in the system defense, considering characteristics of both the system and ...
Software-driven Security Attacks: From Vulnerability Sources to Durable Hardware Defenses
There is an increasing body of work in the area of hardware defenses for software-driven security attacks. A significant challenge in developing these defenses is that the space of security vulnerabilities and exploits is large and not fully understood. ...
Comments