Implementing the ADVISE security modeling formalism in Möbius

Michael D. Ford, Ken Keefe, Elizabeth Lemay, William H. Sanders, Carol Muehrcke

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The ADversary VIew Security Evaluation (ADVISE) model formalism provides a system security model from the perspective of an adversary. An ADVISE atomic model consists of an attack execution graph (AEG) composed of attack steps, system state variables, and attack goals, as well as an adversary profile that defines the abilities and interests of a particular adversary. The ADVISE formalism has been implemented as a Möbius atomic model formalism in order to leverage the existing set of mature modeling formalisms and solution techniques offered by Möbius. This tool paper explains the ADVISE implementation in Möbius and provides technical details for Möbius users who want to use ADVISE either alone or in combination with other modeling formalisms provided by Möbius.

Original languageEnglish (US)
Title of host publication2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
DOIs
StatePublished - Sep 9 2013
Event2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013 - Budapest, Hungary
Duration: Jun 24 2013Jun 27 2013

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks

Other

Other2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
CountryHungary
CityBudapest
Period6/24/136/27/13

Fingerprint

Security systems

Keywords

  • Möbius Atomic Model Formalism
  • Quantitative Security Metrics
  • State-based Security Model

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Ford, M. D., Keefe, K., Lemay, E., Sanders, W. H., & Muehrcke, C. (2013). Implementing the ADVISE security modeling formalism in Möbius. In 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013 [6575362] (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2013.6575362

Implementing the ADVISE security modeling formalism in Möbius. / Ford, Michael D.; Keefe, Ken; Lemay, Elizabeth; Sanders, William H.; Muehrcke, Carol.

2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013. 2013. 6575362 (Proceedings of the International Conference on Dependable Systems and Networks).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ford, MD, Keefe, K, Lemay, E, Sanders, WH & Muehrcke, C 2013, Implementing the ADVISE security modeling formalism in Möbius. in 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013., 6575362, Proceedings of the International Conference on Dependable Systems and Networks, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013, Budapest, Hungary, 6/24/13. https://doi.org/10.1109/DSN.2013.6575362
Ford MD, Keefe K, Lemay E, Sanders WH, Muehrcke C. Implementing the ADVISE security modeling formalism in Möbius. In 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013. 2013. 6575362. (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2013.6575362
Ford, Michael D. ; Keefe, Ken ; Lemay, Elizabeth ; Sanders, William H. ; Muehrcke, Carol. / Implementing the ADVISE security modeling formalism in Möbius. 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013. 2013. (Proceedings of the International Conference on Dependable Systems and Networks).
@inproceedings{804c78dd13884da291e5259ab7c90d03,
title = "Implementing the ADVISE security modeling formalism in M{\"o}bius",
abstract = "The ADversary VIew Security Evaluation (ADVISE) model formalism provides a system security model from the perspective of an adversary. An ADVISE atomic model consists of an attack execution graph (AEG) composed of attack steps, system state variables, and attack goals, as well as an adversary profile that defines the abilities and interests of a particular adversary. The ADVISE formalism has been implemented as a M{\"o}bius atomic model formalism in order to leverage the existing set of mature modeling formalisms and solution techniques offered by M{\"o}bius. This tool paper explains the ADVISE implementation in M{\"o}bius and provides technical details for M{\"o}bius users who want to use ADVISE either alone or in combination with other modeling formalisms provided by M{\"o}bius.",
keywords = "M{\"o}bius Atomic Model Formalism, Quantitative Security Metrics, State-based Security Model",
author = "Ford, {Michael D.} and Ken Keefe and Elizabeth Lemay and Sanders, {William H.} and Carol Muehrcke",
year = "2013",
month = "9",
day = "9",
doi = "10.1109/DSN.2013.6575362",
language = "English (US)",
isbn = "9781467364713",
series = "Proceedings of the International Conference on Dependable Systems and Networks",
booktitle = "2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013",

}

TY - GEN

T1 - Implementing the ADVISE security modeling formalism in Möbius

AU - Ford, Michael D.

AU - Keefe, Ken

AU - Lemay, Elizabeth

AU - Sanders, William H.

AU - Muehrcke, Carol

PY - 2013/9/9

Y1 - 2013/9/9

N2 - The ADversary VIew Security Evaluation (ADVISE) model formalism provides a system security model from the perspective of an adversary. An ADVISE atomic model consists of an attack execution graph (AEG) composed of attack steps, system state variables, and attack goals, as well as an adversary profile that defines the abilities and interests of a particular adversary. The ADVISE formalism has been implemented as a Möbius atomic model formalism in order to leverage the existing set of mature modeling formalisms and solution techniques offered by Möbius. This tool paper explains the ADVISE implementation in Möbius and provides technical details for Möbius users who want to use ADVISE either alone or in combination with other modeling formalisms provided by Möbius.

AB - The ADversary VIew Security Evaluation (ADVISE) model formalism provides a system security model from the perspective of an adversary. An ADVISE atomic model consists of an attack execution graph (AEG) composed of attack steps, system state variables, and attack goals, as well as an adversary profile that defines the abilities and interests of a particular adversary. The ADVISE formalism has been implemented as a Möbius atomic model formalism in order to leverage the existing set of mature modeling formalisms and solution techniques offered by Möbius. This tool paper explains the ADVISE implementation in Möbius and provides technical details for Möbius users who want to use ADVISE either alone or in combination with other modeling formalisms provided by Möbius.

KW - Möbius Atomic Model Formalism

KW - Quantitative Security Metrics

KW - State-based Security Model

UR - http://www.scopus.com/inward/record.url?scp=84883389934&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883389934&partnerID=8YFLogxK

U2 - 10.1109/DSN.2013.6575362

DO - 10.1109/DSN.2013.6575362

M3 - Conference contribution

AN - SCOPUS:84883389934

SN - 9781467364713

T3 - Proceedings of the International Conference on Dependable Systems and Networks

BT - 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013

ER -