State-based analysis in ADVISE

Michael D. Ford; Peter Buchholz; William H. Sanders

doi:10.1109/QEST.2012.36

State-based analysis in ADVISE

Michael D. Ford, Peter Buchholz, William H. Sanders

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

There is an increasing need for quantitative security metrics to empower the decision-making of system architects and administrators. We previously defined the ADVISE method, which combines a state-based security model and an adversary profile to generate quantitative metrics through simulation. Since simulation is often costly, particularly when applied to the analysis of rare events like successful attacks against a system, we extend the analysis methods of ADVISE to Markov chain analysis techniques that enable the efficient and accurate computation of a wide variety of quantitative security measures. With these analysis approaches, it is possible to extend the type of metrics available when using the ADVISE method while lifting previous restrictions placed on the adversary profile.

Original language	English (US)
Title of host publication	Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012
Pages	148-157
Number of pages	10
DOIs	https://doi.org/10.1109/QEST.2012.36
State	Published - Dec 13 2012
Event	2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012 - London, United Kingdom Duration: Sep 17 2012 → Sep 20 2012

Publication series

Name	Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012

Other

Other	2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012
Country/Territory	United Kingdom
City	London
Period	9/17/12 → 9/20/12

Keywords

Numerical methods
Quantitative analysis
Security

ASJC Scopus subject areas

Control and Systems Engineering

Online availability

10.1109/QEST.2012.36

Library availability

Discover UIUC Full Text

Cite this

State-based analysis in ADVISE. / Ford, Michael D.; Buchholz, Peter; Sanders, William H.
Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012. 2012. p. 148-157 6354643 (Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ford, MD, Buchholz, P & Sanders, WH 2012, State-based analysis in ADVISE. in Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012., 6354643, Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012, pp. 148-157, 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012, London, United Kingdom, 9/17/12. https://doi.org/10.1109/QEST.2012.36

@inproceedings{9bc5dbf5d1c74df3aa136c9d16cc1643,

title = "State-based analysis in ADVISE",

abstract = "There is an increasing need for quantitative security metrics to empower the decision-making of system architects and administrators. We previously defined the ADVISE method, which combines a state-based security model and an adversary profile to generate quantitative metrics through simulation. Since simulation is often costly, particularly when applied to the analysis of rare events like successful attacks against a system, we extend the analysis methods of ADVISE to Markov chain analysis techniques that enable the efficient and accurate computation of a wide variety of quantitative security measures. With these analysis approaches, it is possible to extend the type of metrics available when using the ADVISE method while lifting previous restrictions placed on the adversary profile.",

keywords = "Numerical methods, Quantitative analysis, Security",

author = "Ford, {Michael D.} and Peter Buchholz and Sanders, {William H.}",

year = "2012",

month = dec,

day = "13",

doi = "10.1109/QEST.2012.36",

language = "English (US)",

isbn = "9780769547817",

series = "Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012",

pages = "148--157",

booktitle = "Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012",

note = "2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012 ; Conference date: 17-09-2012 Through 20-09-2012",

}

TY - GEN

T1 - State-based analysis in ADVISE

AU - Ford, Michael D.

AU - Buchholz, Peter

AU - Sanders, William H.

PY - 2012/12/13

Y1 - 2012/12/13

N2 - There is an increasing need for quantitative security metrics to empower the decision-making of system architects and administrators. We previously defined the ADVISE method, which combines a state-based security model and an adversary profile to generate quantitative metrics through simulation. Since simulation is often costly, particularly when applied to the analysis of rare events like successful attacks against a system, we extend the analysis methods of ADVISE to Markov chain analysis techniques that enable the efficient and accurate computation of a wide variety of quantitative security measures. With these analysis approaches, it is possible to extend the type of metrics available when using the ADVISE method while lifting previous restrictions placed on the adversary profile.

AB - There is an increasing need for quantitative security metrics to empower the decision-making of system architects and administrators. We previously defined the ADVISE method, which combines a state-based security model and an adversary profile to generate quantitative metrics through simulation. Since simulation is often costly, particularly when applied to the analysis of rare events like successful attacks against a system, we extend the analysis methods of ADVISE to Markov chain analysis techniques that enable the efficient and accurate computation of a wide variety of quantitative security measures. With these analysis approaches, it is possible to extend the type of metrics available when using the ADVISE method while lifting previous restrictions placed on the adversary profile.

KW - Numerical methods

KW - Quantitative analysis

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84870729487&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84870729487&partnerID=8YFLogxK

U2 - 10.1109/QEST.2012.36

DO - 10.1109/QEST.2012.36

M3 - Conference contribution

AN - SCOPUS:84870729487

SN - 9780769547817

T3 - Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012

SP - 148

EP - 157

BT - Proceedings - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012

T2 - 2012 9th International Conference on Quantitative Evaluation of Systems, QEST 2012

Y2 - 17 September 2012 through 20 September 2012

ER -

State-based analysis in ADVISE

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this