Modeling the symptomatic fixes archetype in enterprise computer security

Proceedings - International Computer Software and Applications Conference

Volumn 1, Issue , 2006, Pages 178-185

  Rosenfeld, Shalom N ^a   Rus, Ioana ^b   Cukier, Michel ^c  

^a UNIVERSITY OF MARYLAND   (United States)

^b UNIVERSITY OF MARYLAND   (United States)

^c Fraunhofer Ctr Exp Software Eng   (United States)

Author keywords

Attacks; Countermeasures; Human factors; Software and computer system security; System archetypes; System dynamics; System modeling and simulation

Indexed keywords

ENTERPRISE COMPUTER SECURITY; SYSTEM ARCHETYPES; SYSTEM DYNAMICS; SYSTEM MODELING;

COMPUTER SIMULATION; DECISION MAKING; MATHEMATICAL MODELS; SOFTWARE ARCHITECTURE;

SECURITY OF DATA;

EID: 34247519266     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2006.62     Document Type: Conference Paper

References (24)

1. L. A. Gordon, M. P. Loeb, et al. (2004). Ninth Annual CSI/FBI Computer Crime and Security Survey. Computer Security Institute, CA. www.gocsi.com/forms/ fbi/csi_fbi_survey.jhtml
2. S. Gibson. "The Strange Tale of the Denial of Service Attacks Against GRC.com." March 2002. Gibson Research Corporation. Online: www.grc.com/files/grcdos.pdf
3. J. W. Forrester, Industrial Dynamics, Cambridge: The Wright-Allen Press, 1961.
4. P. Senge, A. Kleiner, C. Roberts, R. Ross, B. Smith, The Fifth Discipline Fieldbook, Doubleday, 1994, pp. 113-189.
5. K. Marais and N. Leveson. Archetypes for Organizational Safety. Presented at IRIA03. [Online]. Available: http://sunnyday.mit.edu/papers/iria-marais.pdf
6. S. N. Rosenfeld, I. Rus, and M. Cukier, "Modeling and Simulation of the Escalation Archetype in Computer Security," presented at Symposium on Simulation Software Security (SSSS06), Huntsville, AL, April 2006.
7. Imagine That, Inc. Extend. v. 6.07, [CD-ROM, Windows 98/ME/NT4/2K/XP]. San Jose, CA, 2005.
8. E. F. Wolstenholme, "Towards the Definition and Use of a Core Set of Archetypal Structures in System Dynamics," System Dynamics Review, vol. 19, no. 1, Spring 2003, pp. 7-26.
9. P. Senge, The Fifth Discipline, Doubleday, 1990.
10. W. Braun. (2002, Feb. 27). The Systems Archetypes. www.uni-klu.ac.at/ ~gossimit/pap/sd/wb_sysarch.pdf
11. L. A. Gordon and M. P. Loeb, "The Economics of Information Security Investment," ACM Trans. Information and System Security, vol. 5, no. 4, November 2002, pp. 438-457.
12. L. Bodin, L. Gordon, and M. P. Loeb, "Evaluating Information Security Investments Using the Analytic Hierarchy Process," Comm. of. the ACM, vol. 28, no. 2, pp. 79-83.
13. D. Bergemann, J. Feigenbaum, S. Shenker, and J. Smith, "Towards an Economic Analysis of Trusted Systems," presented at Third Annual Workshop on Economics and Information Security (WEIS '04). Minneapolis, May 13-14, 2004.
14. U.S. Department of Defense Standard, "Department of Defense Trusted Computer System Evaluation Criteria" ("Orange Book"), DOD 5200.28-STD, Library No. S225,7ll, Dec. 1985.
15. ISO/IEC International Standards (IS) 15408-1:1999, 15408-2:1999, and 15408-3:1999, "Common Criteria for Information Technology Security Evaluation": Parts 1-3, Version 2.1, August 1999 (CCIMB-99-031, CCIMB-99-032, and CCIMB-99-033). http://csrc.nist.gov/cc/ccv20/ccv21ist.htm
16. C. E. Irvine et al, "Cyberciege: An Information Assurance Teaching Tool for Training and Awareness," presented at Fed. Info. Sys. Security Educators' Association Conference (FISSEA05), North Bethesda, MD, March 2005.
17. C. Landwehr, "Formal Models for Computer Security," Computer Surveys, vol. 13, no. 3, Sept. 1981
18. J. Lowry, "An Initial Foray into Understanding Adversary Planning and Courses of Action," in Proc. DARPA Information Survivability Conf. and Exposition II (DISCEX'01), 2001.
19. F. Gong, K. Goseva-Popstojanova, F. Wang, R. Wang, K. Vaidyanathan, K. Trivedi, and B. Muthusamy, "Characterizing Intrusion Tolerant Systems Using A State Transition Model," in Proc. DARPA Information Survivability Conference and Exposition II. DISCEX'01, 2001.
20. S. Jha and J. M. Wing, "Survivability Analysis of Networked Systems," in Proc. 23rd International Conference on Software Engineering (ICSE 2001), p. 307-317, 2001.
21. R. Ortalo, Y. Deswarte, and M. Kaaniche, "Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security," IEEE Transactions on Software Engineering, vol. 25, no. 5, pp. 633-650, Sept.-Oct. 1999.
22. F. Stevens, T. Courtney, S. Singh, A. Agbaria, J. F. Meyer, W. H. Sanders, and P. Pal, "Model-Based Validation of an Intrusion-Tolerant Information System," in Proc. of the 23rd Symposium on Reliable Distributed Systems (SRDS 2004), Florianópolis, Brazil, October 18-20, 2004, pp. 184-194.
23. S. Panjwani et al, "An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack," in Proc. International Conference on Dependable Systems and Networks (DSN05), Yokohama, Japan, June 28-July 1, 2005.
24. C. L. Huntley, "A Developmental View of System Security," Computer, vol. 39, no. 1, pp. 113-114, January 2006.