TY - GEN
T1 - Model-based security metrics using ADversary VIew Security Evaluation (ADVISE)
AU - LeMay, Elizabeth
AU - Ford, Michael D.
AU - Keefe, Ken
AU - Sanders, William H.
AU - Muehrcke, Carol
PY - 2011
Y1 - 2011
N2 - System architects need quantitative security metrics to make informed trade-off decisions involving system security. The security metrics need to provide insight on weak points in the system defense, considering characteristics of both the system and its adversaries. To provide such metrics, we formally define the ADversary View Security Evaluation (ADVISE) method. Our approach is to create an executable state-based security model of a system and an adversary that represents how the adversary is likely to attack the system and the results of such an attack. The attack decision function uses information about adversary attack preferences and possible attacks against the system to mimic how the adversary selects the most attractive next attack step. The adversary's decision involves looking ahead some number of attack steps. System architects can use ADVISE to compare the security strength of system architecture variants and analyze the threats posed by different adversaries. We demonstrate the feasibility and benefits of ADVISE using a case study. To produce quantitative model-based security metrics, we have implemented the ADVISE method in a tool that facilitates user input of system and adversary data and automatically generates executable models.
AB - System architects need quantitative security metrics to make informed trade-off decisions involving system security. The security metrics need to provide insight on weak points in the system defense, considering characteristics of both the system and its adversaries. To provide such metrics, we formally define the ADversary View Security Evaluation (ADVISE) method. Our approach is to create an executable state-based security model of a system and an adversary that represents how the adversary is likely to attack the system and the results of such an attack. The attack decision function uses information about adversary attack preferences and possible attacks against the system to mimic how the adversary selects the most attractive next attack step. The adversary's decision involves looking ahead some number of attack steps. System architects can use ADVISE to compare the security strength of system architecture variants and analyze the threats posed by different adversaries. We demonstrate the feasibility and benefits of ADVISE using a case study. To produce quantitative model-based security metrics, we have implemented the ADVISE method in a tool that facilitates user input of system and adversary data and automatically generates executable models.
KW - Adversary Attack Decisions
KW - Quantitative Security Metrics
KW - State-based Security Model
UR - http://www.scopus.com/inward/record.url?scp=80055043688&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80055043688&partnerID=8YFLogxK
U2 - 10.1109/QEST.2011.34
DO - 10.1109/QEST.2011.34
M3 - Conference contribution
AN - SCOPUS:80055043688
SN - 9780769544915
T3 - Proceedings of the 2011 8th International Conference on Quantitative Evaluation of Systems, QEST 2011
SP - 191
EP - 200
BT - Proceedings of the 2011 8th International Conference on Quantitative Evaluation of Systems, QEST 2011
T2 - 2011 8th International Conference on Quantitative Evaluation of Systems, QEST 2011
Y2 - 5 September 2011 through 8 September 2011
ER -