@inproceedings{5af7c09c7bf64bd18a536739760c8c93,
title = "Adversary-driven state-based system security evaluation",
abstract = "To provide insight on system security and aid decision-makers, we propose the ADversary VIew Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a system's security. Our approach is to create an executable state-based security model of a system. The security model is initialized with information characterizing the system and the adversaries attacking the system. The model then simulates the attack behavior of the adversaries to produce a quantitative assessment of system security strength. This paper describes the system and adversary characterization data that are collected as input for the executable model. This paper also describes the simulation algorithms for adversary attack behavior and the computation for the probability that an attack attempt is successful. A simple case study illustrates how to analyze system security using the ADVISE method. A tool is currently under development to facilitate automatic model generation and simulation. The ADVISE method aggregates security-relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions.",
author = "Elizabeth LeMay and Willard Unkenholz and Donald Parks and Carol Muehrcke and Ken Keefe and Sanders, {William H.}",
year = "2010",
doi = "10.1145/1853919.1853926",
language = "English (US)",
isbn = "9781450303408",
series = "6th International Workshop on Security Measurements and Metrics, MetriSec 2010",
booktitle = "6th International Workshop on Security Measurements and Metrics, MetriSec 2010",
note = "6th International Workshop on Security Measurements and Metrics, MetriSec 2010 ; Conference date: 15-09-2010 Through 15-09-2010",
}