Fast model-based penetration testing

Sankalp Singh, James Lyons, David M. Nicol

Research output: Contribution to journalConference article

Abstract

Traditional approaches to security evaluation have been based on penetration testing of real systems, or analysis of formal models of such systems. The former suffer from the problem that the security metrics are based on only a few of the possible paths through the system. The latter suffer from the inability to analyze detailed system descriptions due to the rapid explosion of state space sizes, which render the models intractable for tools such as model checkers. We propose an approach to obtain statistically valid estimates of security metrics by performing repeated penetration testing of detailed system models. We make use of importance sampling techniques to help reduce the variance of our estimates, and achieve relative error bounds quickly. We validate our approach by estimating security metrics of a large model with more than 21700 possible states.

Original languageEnglish (US)
Pages (from-to)309-316
Number of pages8
JournalProceedings - Winter Simulation Conference
Volume1
StatePublished - Dec 1 2004
EventProceedings of the 2004 Winter Simulation Conference - Washington, DC, United States
Duration: Dec 5 2004Dec 8 2004

Fingerprint

Penetration
Model-based
Testing
Metric
Importance sampling
Importance Sampling
Formal Model
Relative Error
Explosion
Model
Estimate
Error Bounds
Explosions
State Space
Valid
Path
Evaluation

ASJC Scopus subject areas

  • Software
  • Modeling and Simulation
  • Computer Science Applications

Cite this

Fast model-based penetration testing. / Singh, Sankalp; Lyons, James; Nicol, David M.

In: Proceedings - Winter Simulation Conference, Vol. 1, 01.12.2004, p. 309-316.

Research output: Contribution to journalConference article

Singh, Sankalp ; Lyons, James ; Nicol, David M. / Fast model-based penetration testing. In: Proceedings - Winter Simulation Conference. 2004 ; Vol. 1. pp. 309-316.
@article{633f17d6104a434790723dfdd2218c1b,
title = "Fast model-based penetration testing",
abstract = "Traditional approaches to security evaluation have been based on penetration testing of real systems, or analysis of formal models of such systems. The former suffer from the problem that the security metrics are based on only a few of the possible paths through the system. The latter suffer from the inability to analyze detailed system descriptions due to the rapid explosion of state space sizes, which render the models intractable for tools such as model checkers. We propose an approach to obtain statistically valid estimates of security metrics by performing repeated penetration testing of detailed system models. We make use of importance sampling techniques to help reduce the variance of our estimates, and achieve relative error bounds quickly. We validate our approach by estimating security metrics of a large model with more than 21700 possible states.",
author = "Sankalp Singh and James Lyons and Nicol, {David M.}",
year = "2004",
month = "12",
day = "1",
language = "English (US)",
volume = "1",
pages = "309--316",
journal = "Proceedings - Winter Simulation Conference",
issn = "0891-7736",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Fast model-based penetration testing

AU - Singh, Sankalp

AU - Lyons, James

AU - Nicol, David M.

PY - 2004/12/1

Y1 - 2004/12/1

N2 - Traditional approaches to security evaluation have been based on penetration testing of real systems, or analysis of formal models of such systems. The former suffer from the problem that the security metrics are based on only a few of the possible paths through the system. The latter suffer from the inability to analyze detailed system descriptions due to the rapid explosion of state space sizes, which render the models intractable for tools such as model checkers. We propose an approach to obtain statistically valid estimates of security metrics by performing repeated penetration testing of detailed system models. We make use of importance sampling techniques to help reduce the variance of our estimates, and achieve relative error bounds quickly. We validate our approach by estimating security metrics of a large model with more than 21700 possible states.

AB - Traditional approaches to security evaluation have been based on penetration testing of real systems, or analysis of formal models of such systems. The former suffer from the problem that the security metrics are based on only a few of the possible paths through the system. The latter suffer from the inability to analyze detailed system descriptions due to the rapid explosion of state space sizes, which render the models intractable for tools such as model checkers. We propose an approach to obtain statistically valid estimates of security metrics by performing repeated penetration testing of detailed system models. We make use of importance sampling techniques to help reduce the variance of our estimates, and achieve relative error bounds quickly. We validate our approach by estimating security metrics of a large model with more than 21700 possible states.

UR - http://www.scopus.com/inward/record.url?scp=17744381411&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=17744381411&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:17744381411

VL - 1

SP - 309

EP - 316

JO - Proceedings - Winter Simulation Conference

JF - Proceedings - Winter Simulation Conference

SN - 0891-7736

ER -