Combining defense graphs and enterprise architecture models for security analysis

Proceedings - 12th IEEE International Enterprise Distributed Object Computing Conference, EDOC 2008

Volumn , Issue , 2008, Pages 349-355

  Sommestad, Teodor ^a   Ekstedt, Mathias ^a   Johnson, Pontus ^a  

^a ROYAL INSTITUTE OF TECHNOLOGY   (Sweden)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK GRAPHS; BAYESIAN STATISTICS; COUNTER-MEASURES; DECISION MAKERS; ENTERPRISE ARCHITECTURE MODELS; INFLUENCE DIAGRAMS; ORGANIZATIONAL POLICIES; RATIONAL DECISION MAKINGS; SECURITY ANALYSES; SECURITY ASSESSMENT FRAMEWORKS; SECURITY ASSESSMENTS; SECURITY PROCEDURES; TECHNICAL COUNTERMEASURES;

EXPERT SYSTEMS; KETONES; NUCLEAR MATERIALS SAFEGUARDS; PROBLEM SOLVING;

GRAPH THEORY;

EID: 56649088314     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/EDOC.2008.37     Document Type: Conference Paper

References (25)

1. Y. Liu and M. Hong, Network vulnerability assessment using Bayesian networks, Proceedings of Data Mining, Intrusion detection, Information assurance and Data networks security, Orlando, Florida, USA, 2005, pp
2. S. Bistarelli, F. Fioravanti, P. Peretti, Defense trees for economic evaluation of security investments, Proceedings of Availability, Reliability and Security (ARES), Vienna, Austria, 2006, pp. 8.
3. S. Bistarelli, F. Fioravanti, P. Peretti, Using CP-nets as a Guide for Countermeasure Selection, Proceedings of the 2007 ACM symposium on Applied computing, Seoul, Korea, 2007.
4. P. Johnson, R. Lagerstrom, P. Narman, M. Simonsson., Enterprise Architecture Analysis with Extended Influence Diagrams. Information System Frontiers, 9(2), Springer Netherlands, 2007, pp. 163-180.
5. R. Shachter, Evaluating influence diagrams. Operations Research, 34(6), Institute for Operations Research and the Management Sciences, Hanover Maryland, 1986, pp. 871-882.
6. R.A Howard, J.E. Matheson, Influence Diagrams. Decision Analysis, 2(3), Institute for Operations Research and the Management Sciences, Hanover Maryland, 2005, pp. 127-143.
7. Neapolitan, R. Learning Bayesian Networks. Prentice-Hall, Inc. Upper Saddle River, NJ, USA 2003.
8. Jensen, F.V., Bayesian Networks and Decision Graphs, Springer New York, Secaucus, NJ, USA 2001.
9. P. Johnson, Lagerström, R., Närman, P.: Extended Influence Diagram Generation. Enterprise Interoperability II - New Challenges and Approaches, Springer London, 2007, pp. 599-602.
10. R. Shachter, Probabilistic inference and influence diagrams. Operations Research, 36(4), Hanover Maryland, 1988, pp. 36-40.
11. M.J. Druzdzel and L.C. van der Gaag, Elicitation of Probabilities for Belief Networks: Combining Qualitative and Quantitative Information, Proceeding of the 11th Conference on Uncertainty in Artificial Intelligence, 1995, pp. 141-148.
12. M.J. Druzdzel and L.C. van der Gaag, Building probabilistic networks: where do the numbers come from?, IEEE Transactions on Knowledge Data Engineering, 12(4), 2000, pp. 481-6.
13. M. Howard and D. C. LeBlanc. Writing Secure Code, Microsoft Press, Redmond, WA, USA, 2002.
14. S. E. Schechter. Computer Security Strength & Risk: A Quantitative Approach. PhD thesis, Harvard University, 2004.
15. B. Schneier. Attack trees: Modeling security threats. Dr. Dobb's Journal, 1999.
16. N. L. Foster. The application of software and safety engineering techniques to security protocol development. PhD thesis, Univ. of York, Dep. Of Computer Science, 2002.
17. S. Jha, O. Sheyner, and J. Wing. Two formal analyses of attack graphs. In Proc. of the 15th Computer Security Foundation Workshop, June 2002.
18. O. Sheyner "Scenario Graphs and Attack Graphs," Carnegie Mellon University, April 2004. PhD Thesis.
19. O. Sheyner and J.M. Wing, "Tools for Generating and Analyzing Attack Graphs," Proceedings of Workshop on Formal Methods for Components and Objects, 2004, pp. 344-371.
20. J.J.C.H. Ryan and D.J. Ryan, Expected benefits of information security investments, Computers & Security, 25(8), 2006, pp 579-588.
21. R. Vaughn, R. Henning, and A. Siraj, Information assurance Measures and Metrics: State of Practice and Proposed Taxonomy. Proceedings of 36th Hawaiian International Conference on System Sciences, 2003, pp. 331-334.
22. E. Johansson, Assessment of Enterprise Information Security - How to make it Credible and Efficient, PhD Thesis, Royal Institute of Technology (KTH), 2005.
23. S. Bistarelli, M. Dall'Aglio, P. Peretti, "Strategic games on defense trees", Formal Aspects in Security and Trust, Springer Berlin / Heidelberg, 2007, pp. 1-15.
24. th ACM Conference on Computer and Communications Security (CCS '02), pages 217-224, Washington, DC, November 2002.
25. Philips, C., Swiler, L.P, Graph-Based System for Network-Vulnerability Analysis, Proceedings of the 1998 workshop on New security paradigms, 1998.