A near real-time system for security assurance assessment

Proceedings - The 3rd International Conference on Internet Monitoring and Protection, ICIMP 2008

Volumn , Issue , 2008, Pages 152-160

  Pham, Nguyen ^a   Baud, Loic ^a   Bellot, Patrick ^a   Riguidel, Michel ^a  

^a TELECOM PARISTECH   (France)

Author keywords

Security assurance; Security assurance assessment; Security assurance evaluation

Indexed keywords

COMPUTER SOFTWARE; ELECTRIC BREAKDOWN; REAL TIME SYSTEMS;

ANOMALY DETECTIONS; ATTACK GRAPHS; BUILDING SYSTEMS; DRIVEN SYSTEMS; EVALUATION INFRASTRUCTURE; INTERNATIONAL CONFERENCES; INTERNET MONITORING; MULTI-AGENT TECHNOLOGIES; SECURITY ASSURANCE; SECURITY ASSURANCE ASSESSMENT; SECURITY ASSURANCE EVALUATION; SOFTWARE SYSTEMS; STATIC AND DYNAMIC; SUB NETWORKS;

INTERNET;

EID: 51849089070     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICIMP.2008.28     Document Type: Conference Paper

References (28)

1. ACSA, ed. (2002) Proceeding of the Workshop on Information Security System Scoring and Ranking (WISSSR), May 21-23, 2001, Williamsburg, Virginia.
2. Ammann, P., Wijesekera, D., Kaushik, S. (2002) Scalable, Graph-Based Network Vulnerability Analysis Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, November 2002. pp 217-224
3. Bishop, M. (2002) Computer Security: Art and Science, Addison Wesley Professional, December 2002.
4. CC (2005) Common Criteria for Information. Technology Security Evaluation. Part 1: Introduction and general model, v2.3. Part 2: Security functional requirements, v2.3. Part 3: Security assurance requirements, v2.3.
5. Clark, K., Tyree, S., Dawkins, J. & Hale, J. (2004) Qualitative and Quantitative Analytical Techniques for Network Security Assessment, Proceeding of the 2004 IEEE Workshop on Information Assurance, June 10-11, West Point, New York.
6. Hunstad, A., Hallberg, J., Andersson, R. (2004) Measuring IT Security -a Method Based on Common Criteria's Security Functional Requirements, Proceedings of the 2004 IEEE Workshop on Information Assurance, West Point, NY, June 2004.
7. nd Annual Computer Security Applications Conference, Florida, 2006.
8. Jajodia, S., Nodel, S., O'Berry, B., (2003) Topological Analysis of Network Attack Vulnerability, Chapter 5, Kluwer Academic Publisher, 2003.
9. Lippmann, R. et al (2005) Evaluating and Strengthening Enterprise Network Security Using Attack Graph, Technical Report, MIT Lincoln Laboratory, Lexington, MA, 2005.
10. Lippmann, R. et al (2005) An Annotated Review of Past Papers on Attack Graphs, Technical Report, MIT Lincoln Laboratory, Lexington, MA, 2005.
11. Lippmann, R., Ingols, K., Scott, C., Piwowarski, K., Kratkiewicz, K., Artz, M., Cunningham, R., Validating and Restoring Defense in Depth Using Attack Graphs, Military Communications Conference, Washington, 2006.
12. Jaquith, A. (2007) Security Metrics - Replacing Fear, Uncertainty and Doubt, Addison Wesley, March 2007.
13. th Edition, Wiley.
14. Nandy, B., Pieda, P., Seddigh, N., Lambadaris, J., Matrway, A., Hatfield, A. (2005) Information Assurance Metrics, Technical report, Public Safety and Emergency Preparedness, 2005, Canada.
15. Nessus security scanner http://www.nessus.org
16. Oman, P., Krings, A., Conte de Leon, D., & Alves-Foss, J. (2004) Analyzing the Security and Survivability of Real-time Control Systems, Proceeding of the 2004 IEEE Workshop on Information Assurance, June 10-11 2004, West Point, New York.
17. nd International Conference on Information Security and Assurance (ISA 2008), Busan, Korea, 2008.
18. Pham, N., Riguidel, M. (2007) Security Assurance Aggregation for IT Infrastructures, Proceeding of the Second International Conference on Systems and Networks Communications, August 25-31, 2007, Cap Esterel, France.
19. Qu, G., Hariri, S., Yousif, M. (2005) Multivariate Statistical Analysis for Network Attacks Detection, Proceedings of the ACS/IEEE 2005 International Conference on Computer Systems and Applications.
20. Riguidel, M.., Hecker, A. & Simon, V. (2006) Armature for Critical Infrastructure, Proceeding of the 2006 IEEE International Conference on Systems, Man, and Cybernetics, October 08-11, 2006, Taipei, Taiwan.
21. Seddigh, N., Pieda, P., Mattrawy, A., Nandy, B., Lambardis, J. & Hatfield, A. (2004) Current Trends and Advances in Information Assurance Metrics, Proceeding of the Second Annual Conference on Privacy, Security and Trust, October 13-15, 2004, New Brunswick, Canada.
22. Swanson, M. (2001) Security Self-Assessment Guide for Information Technology Systems. National Institute of Standards and Technology, Special Publication 800-26, November 2001.
23. Swanson, M., Bartol, N., Sabato, J., Hash, J. & Graffo, L. (2003) Security Metrics Guide for Information Technology Systems, National Institute of Standards and Technology, Special Publication 800-55, July 2003.
24. th Annual Hawaii International Conference on System Sciences, January 6-9, 2003, Hawaii.
25. th International Conference on Parallel Processing and Applied Mathematics, 11-14 September, 2005, Poland.
26. st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, July 8-11, 2007, CA, USA.
27. rd International Workshop on Quality of Protection, October 29, 2007.
28. Wang, C. & Wulf, W. (1997) A framework for security measurement, Proceeding of the National Information Systems Security Conference, October 7-10, 1997, Baltimore, Maryland.