Towards a stochastic model for integrated security and dependability evaluation

Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006

Volumn 2006, Issue , 2006, Pages 156-163

  Sallhammar, Karin ^a   Helvik, Bjarne E ^a   Knapskog, Svein J ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SIMULATION; MARKOV PROCESSES; MATHEMATICAL MODELS; PROBABILITY; RANDOM PROCESSES; SECURITY SYSTEMS;

DEPENDABILITY EVALUATION; MODEL ATTACKS; STOCHASTIC MODEL;

SECURITY OF DATA;

EID: 33750944742     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2006.137     Document Type: Conference Paper

References (19)

1. The development of a meaningful hacker taxonomy: A two dimensional approach. Technical report, CERIAS Tech Report 2005-43, 2005.
2. Algirdas Avizienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1:11-33, January-March 2004.
3. K. B. B. Madan, K. Vaidyanathan Goseva-Popstojanova, and K. S. Trivedi. A method for modeling and quantifying the security attributes of intrusion tolerant systems. In Performance Evaluation, volume 56, 2004.
4. John A. Buzacott. Markov approach to finding failure times of repairable systems. IEEE Transactions on Reliability, R-19:128-134, November 1970.
5. Charles A. Holt and A. E. Roth. The Nash equilibrium: A perspective. In Proceedings of the National Academy of Sciences, volume 101, March 23 2004.
6. ISO/IEC 13335: Information Technology - Guidelines for the management of IT Security, http://www.iso.org.
7. ISO 15408: Common Criteria for Information Technology Security Evaluation, 1999. http://www.commoncriteria.org.
8. E. Jonsson and T. Olovsson. A quantitative model of the security intrusion process based on attacker behavior. IEEE Trans. Software Eng., 4(25):235, April 1997.
9. E. Jonsson, L. Strömberg, and S. Lindskog. On the functional relation between security and dependability impairments. In Proceedings of the New Security Paradigms Workshop 1999, Sep. 22-24 1999.
10. B. Littlewood, S. Brocklehurst, N. Fenton, P. Mellor, S. Page, D. Wright, J. Dobson, McDermid J., and D. Gollmann. Towards operational measures of computer security. Journal of Computer Security, 2:211-229, Oct 1993.
11. Peng Liu and Wanyu Zang. Incentive-based modeling and inference of attacker intent, objectives, and strategies. In Proceedings of the 10th ACM conference on computer and communication security, pages 179-189, 2003.
12. Kong-wei Lye and Jeannette M. Wing. Game strategies in network security. International Journal of Information Security, 4(1-2):71-86, 2005.
13. David M. Nicol, William H. Sanders, and Kishor S. Trivedi. Model-based evaluation: From dependability to security. IEEE Transactions on Dependable and Secure Computing, 1:48-65, January-March 2004.
14. R. Ortalo, Y. Deswarte, and M. Kaaniche. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering, 25(5):633-650, Sept/Oct 1999.
15. G. Owen. Game Theory. Academic Press, 3rd edition, 2001.
16. David Powell and Robert Stroud (eds.). Malicious- and accidental-fault tolerance for internet applications - Conceptual model and architecture, 2001.
17. K. Sallhammar, S. J. Knapskog, and B. E. Helvik. Using stochastic game theory to compute the expected behavior of attackers. In Proceedings of the 2005 International Symposium on Applications and the Internet (Saint2005) Workshops, 2005.
18. Karin Sallhammar, Bjarne E. Helvik, and Svein J. Knapskog. Incorporating attacker behavior in stochastic models of security. In Proceedings of the 2005 International Conference on Security and Management (SAM'05), 2005.
19. F. Stevens, T. Courtney, S. Singh, A. Agbaria, J. F. Meyer, W. H. Sanders, and P. Pal. Model-based validation of an intrusion-tolerant information system. In Proceedings of the 23rd Symposium on Reliable Distributed Systems (SRDS 2004), Oct 18-20 2004.