Modeling humans: A general agent model for the evaluation of security

Michael Rausch; Ahmed Fawaz; Ken Keefe; William H. Sanders

doi:10.1007/978-3-319-99154-2_23

Modeling humans: A general agent model for the evaluation of security

Michael Rausch, Ahmed Fawaz, Ken Keefe, William H. Sanders

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Careful planning is needed to design cyber infrastructures that can achieve mission objectives in the presence of deliberate attacks, including availability and reliability of service and confidentiality of data. Planning should be done with the aid of rigorous and sound security models. A security modeling formalism should be easy to learn and use, flexible enough to be used in different contexts, and should explicitly model the most significant parts of the system of interest. In particular, the research community is increasingly realizing the importance of human behavior in cyber security. However, security modeling formalisms often explicitly model only the adversary, or simplistic interactions between adversaries and defenders, or are tailored to specific use cases, or are difficult to use. We propose and define a novel security modeling formalism that explicitly models adversary, defender, and user behavior in an easy and general way, and illustrate its use with an example.

Original language	English (US)
Title of host publication	Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings
Editors	Andras Horvath, Annabelle McIver
Publisher	Springer
Pages	373-388
Number of pages	16
ISBN (Print)	9783319991535
DOIs	https://doi.org/10.1007/978-3-319-99154-2_23
State	Published - 2018
Event	15th International Conference on Quantitative Evaluation of Systems, QEST 2018 - Beijing, China Duration: Sep 4 2018 → Sep 7 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11024 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	15th International Conference on Quantitative Evaluation of Systems, QEST 2018
Country/Territory	China
City	Beijing
Period	9/4/18 → 9/7/18

Keywords

Cost benefit analysis
GAMES formalism
Human modeling
Quantitative cyber security modeling
Risk analysis

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-319-99154-2_23

Library availability

Discover UIUC Full Text

Cite this

Rausch, M., Fawaz, A., Keefe, K., & Sanders, W. H. (2018). Modeling humans: A general agent model for the evaluation of security. In A. Horvath, & A. McIver (Eds.), Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings (pp. 373-388). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11024 LNCS). Springer. https://doi.org/10.1007/978-3-319-99154-2_23

Modeling humans: A general agent model for the evaluation of security. / Rausch, Michael; Fawaz, Ahmed; Keefe, Ken et al.
Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings. ed. / Andras Horvath; Annabelle McIver. Springer, 2018. p. 373-388 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11024 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Rausch, M, Fawaz, A, Keefe, K & Sanders, WH 2018, Modeling humans: A general agent model for the evaluation of security. in A Horvath & A McIver (eds), Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11024 LNCS, Springer, pp. 373-388, 15th International Conference on Quantitative Evaluation of Systems, QEST 2018, Beijing, China, 9/4/18. https://doi.org/10.1007/978-3-319-99154-2_23

Rausch M, Fawaz A, Keefe K, Sanders WH. Modeling humans: A general agent model for the evaluation of security. In Horvath A, McIver A, editors, Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings. Springer. 2018. p. 373-388. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-99154-2_23

Rausch, Michael ; Fawaz, Ahmed ; Keefe, Ken et al. / Modeling humans : A general agent model for the evaluation of security. Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings. editor / Andras Horvath ; Annabelle McIver. Springer, 2018. pp. 373-388 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{dedde01cc8bd4620a2004aac6a9c950a,

title = "Modeling humans: A general agent model for the evaluation of security",

abstract = "Careful planning is needed to design cyber infrastructures that can achieve mission objectives in the presence of deliberate attacks, including availability and reliability of service and confidentiality of data. Planning should be done with the aid of rigorous and sound security models. A security modeling formalism should be easy to learn and use, flexible enough to be used in different contexts, and should explicitly model the most significant parts of the system of interest. In particular, the research community is increasingly realizing the importance of human behavior in cyber security. However, security modeling formalisms often explicitly model only the adversary, or simplistic interactions between adversaries and defenders, or are tailored to specific use cases, or are difficult to use. We propose and define a novel security modeling formalism that explicitly models adversary, defender, and user behavior in an easy and general way, and illustrate its use with an example.",

keywords = "Cost benefit analysis, GAMES formalism, Human modeling, Quantitative cyber security modeling, Risk analysis",

author = "Michael Rausch and Ahmed Fawaz and Ken Keefe and Sanders, {William H.}",

year = "2018",

doi = "10.1007/978-3-319-99154-2_23",

language = "English (US)",

isbn = "9783319991535",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "373--388",

editor = "Andras Horvath and Annabelle McIver",

booktitle = "Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings",

address = "Germany",

note = "15th International Conference on Quantitative Evaluation of Systems, QEST 2018 ; Conference date: 04-09-2018 Through 07-09-2018",

}

TY - GEN

T1 - Modeling humans

T2 - 15th International Conference on Quantitative Evaluation of Systems, QEST 2018

AU - Rausch, Michael

AU - Fawaz, Ahmed

AU - Keefe, Ken

AU - Sanders, William H.

PY - 2018

Y1 - 2018

N2 - Careful planning is needed to design cyber infrastructures that can achieve mission objectives in the presence of deliberate attacks, including availability and reliability of service and confidentiality of data. Planning should be done with the aid of rigorous and sound security models. A security modeling formalism should be easy to learn and use, flexible enough to be used in different contexts, and should explicitly model the most significant parts of the system of interest. In particular, the research community is increasingly realizing the importance of human behavior in cyber security. However, security modeling formalisms often explicitly model only the adversary, or simplistic interactions between adversaries and defenders, or are tailored to specific use cases, or are difficult to use. We propose and define a novel security modeling formalism that explicitly models adversary, defender, and user behavior in an easy and general way, and illustrate its use with an example.

AB - Careful planning is needed to design cyber infrastructures that can achieve mission objectives in the presence of deliberate attacks, including availability and reliability of service and confidentiality of data. Planning should be done with the aid of rigorous and sound security models. A security modeling formalism should be easy to learn and use, flexible enough to be used in different contexts, and should explicitly model the most significant parts of the system of interest. In particular, the research community is increasingly realizing the importance of human behavior in cyber security. However, security modeling formalisms often explicitly model only the adversary, or simplistic interactions between adversaries and defenders, or are tailored to specific use cases, or are difficult to use. We propose and define a novel security modeling formalism that explicitly models adversary, defender, and user behavior in an easy and general way, and illustrate its use with an example.

KW - Cost benefit analysis

KW - GAMES formalism

KW - Human modeling

KW - Quantitative cyber security modeling

KW - Risk analysis

UR - http://www.scopus.com/inward/record.url?scp=85053119443&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85053119443&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-99154-2_23

DO - 10.1007/978-3-319-99154-2_23

M3 - Conference contribution

AN - SCOPUS:85053119443

SN - 9783319991535

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 373

EP - 388

BT - Quantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings

A2 - Horvath, Andras

A2 - McIver, Annabelle

PB - Springer

Y2 - 4 September 2018 through 7 September 2018

ER -

Modeling humans: A general agent model for the evaluation of security

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this