Modeling humans: A general agent model for the evaluation of security

Michael Rausch, Ahmed Fawaz, Ken Keefe, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Careful planning is needed to design cyber infrastructures that can achieve mission objectives in the presence of deliberate attacks, including availability and reliability of service and confidentiality of data. Planning should be done with the aid of rigorous and sound security models. A security modeling formalism should be easy to learn and use, flexible enough to be used in different contexts, and should explicitly model the most significant parts of the system of interest. In particular, the research community is increasingly realizing the importance of human behavior in cyber security. However, security modeling formalisms often explicitly model only the adversary, or simplistic interactions between adversaries and defenders, or are tailored to specific use cases, or are difficult to use. We propose and define a novel security modeling formalism that explicitly models adversary, defender, and user behavior in an easy and general way, and illustrate its use with an example.

Original languageEnglish (US)
Title of host publicationQuantitative Evaluation of Systems - 15th International Conference, QEST 2018, Proceedings
EditorsAndras Horvath, Annabelle McIver
Number of pages16
ISBN (Print)9783319991535
StatePublished - 2018
Event15th International Conference on Quantitative Evaluation of Systems, QEST 2018 - Beijing, China
Duration: Sep 4 2018Sep 7 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11024 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other15th International Conference on Quantitative Evaluation of Systems, QEST 2018


  • Cost benefit analysis
  • GAMES formalism
  • Human modeling
  • Quantitative cyber security modeling
  • Risk analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Cite this