TY - GEN
T1 - The multiple-asymmetric-utility system model
T2 - 2011 8th International Conference on Quantitative Evaluation of Systems, QEST 2011
AU - Eskins, Douglas
AU - Sanders, William H.
PY - 2011
Y1 - 2011
N2 - Traditional cyber security modeling approaches either do not explicitly consider system participants or assume a fixed set of participant behaviors that are independent of the system. Increasingly, accumulated cyber security data indicate that system participants can play an important role in the creation or elimination of cyber security vulnerabilities. Thus, there is a need for cyber security analysis tools that take into account the actions and decisions of human participants. In this paper, we present a modeling approach for quantifying how participant decisions can affect system security. Specifically, we introduce a definition of a cyber-human system (CHS) and its elements, the opportunity-willingness-capability (OWC) ontology for classifying CHS elements with respect to system tasks, the human decision point (HDP) as a first-class system model element, and the multiple-asymmetric-utility system modeling framework for evaluating the effects of HDPs on a CHS. This modeling approach provides a structured and quantitative means of analyzing cyber security problems whose outcomes are influenced by human-system interactions.
AB - Traditional cyber security modeling approaches either do not explicitly consider system participants or assume a fixed set of participant behaviors that are independent of the system. Increasingly, accumulated cyber security data indicate that system participants can play an important role in the creation or elimination of cyber security vulnerabilities. Thus, there is a need for cyber security analysis tools that take into account the actions and decisions of human participants. In this paper, we present a modeling approach for quantifying how participant decisions can affect system security. Specifically, we introduce a definition of a cyber-human system (CHS) and its elements, the opportunity-willingness-capability (OWC) ontology for classifying CHS elements with respect to system tasks, the human decision point (HDP) as a first-class system model element, and the multiple-asymmetric-utility system modeling framework for evaluating the effects of HDPs on a CHS. This modeling approach provides a structured and quantitative means of analyzing cyber security problems whose outcomes are influenced by human-system interactions.
KW - Cyber-Human Systems
KW - Human Decision Points
KW - Quantitative Security Model
KW - State-based Security Model
UR - http://www.scopus.com/inward/record.url?scp=80055063017&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80055063017&partnerID=8YFLogxK
U2 - 10.1109/QEST.2011.38
DO - 10.1109/QEST.2011.38
M3 - Conference contribution
AN - SCOPUS:80055063017
SN - 9780769544915
T3 - Proceedings of the 2011 8th International Conference on Quantitative Evaluation of Systems, QEST 2011
SP - 233
EP - 242
BT - Proceedings of the 2011 8th International Conference on Quantitative Evaluation of Systems, QEST 2011
Y2 - 5 September 2011 through 8 September 2011
ER -