On stochastic modeling for integrated security and dependability evaluation

Journal of Networks

Volumn 1, Issue 5, 2006, Pages 31-42

  Sallhammar, Karin ^a   Helvik, Bjarne E ^a   Knapskog, Svein J ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

Game theory; Integrating security and dependability; Security measures; Stochastic models

Indexed keywords

GAME THEORY; NETWORK SECURITY; STOCHASTIC SYSTEMS;

DEPENDABILITY EVALUATION; INTEGRATING SECURITY; PROBABILISTIC PREDICTION; SECURITY FAILURE; SECURITY MEASURE; STOCHASTIC GAME; TRADITIONAL MARKOV ANALYSIS; VIEWING SYSTEMS;

STOCHASTIC MODELS;

EID: 60449090394     PISSN: 17962056     EISSN: None     Source Type: Journal    
DOI: 10.4304/jnw.1.5.31-42     Document Type: Article

References (26)

1. "ISO/IEC 13335: Information Technology - Guidelines for the management of IT Security," http://www.iso.org.
2. A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, "Basic concepts and taxonomy of dependable and secure computing," IEEE Transactions on Dependable and Secure Computing, vol. 1, pp. 11-33, January-March 2004.
3. "ISO 15408: Common Criteria for Information Technology Security Evaluation," 1999, http://www.commoncriteria.org.
4. D. Powell and R. Stroud (eds.), "Malicious- and accidental-fault tolerance for internet applications -Conceptual model and architecture," 2001. [Online]. Available: citeseer.ist.psu.edu/474556.html
5. E. Jonsson, "Towards an integrated conceptual model of security and dependability," in Proceedings of the First International Comference on Availability, Reliability and Security (AReS), 2006.
6. D. M. Nicol, W. H. Sanders, and K. S. Trivedi, "Model-based evaluation: From dependability to security," IEEE Transactions on Dependable and Secure Computing, vol. 1, pp. 48-65, January-March 2004.
7. S. Jha, O. Sheyner, and J. Wing, "Two formal analyses of attack graphs," in Proceedings of the 2002 Computer Security Foundations Workshop, 2002.
8. B. E. Helvik, Dependable Computing Systems and Communication Networks, Design and Evaluation, draft lecture notes (256 p.), Department of Telematics, NTNU, Nov. 2003.
9. J. A. Buzacott, "Markov approach to finding failure times of repairable systems," IEEE Transactions on Reliability, vol. 19, pp. 128-134, November 1970.
10. E. Jonsson and T. Olovsson, "A quantitative model of the security intrusion process based on attacker behavior," IEEE Transactions of Software Engineering, vol. 23, no. 4, pp. 235-245, April 1997.
11. A. Arora, "A statistical analysis of computer attacks using data from the honeynet project," Carnegie Mellon CyLab. http://www.cylab.cmu.edu/.
12. G. Owen, Game Theory, 3rd ed. Academic Press, 2001.
13. K. Lye and J. M. Wing, "Game strategies in network security," International Journal of Information Security, vol. 4, no. 1-2, pp. 71-86, 2005.
14. T. Alpcan and T. Basar, "A game theoretic approach to decision and analysis in network intrusion detection," in Proceedings of the 42nd IEEE Conference on Decision and Control, December 2003.
15. P. Liu and W. Zang, "Incentive-based modeling and inference of attacker intent, objectives, and strategies," in Proceedings of the 10th ACM conference on computer and communication security, 2003, pp. 179-189.
16. L. S. Shapley, "Stochastic games," Proceedings of the National Academy of Science USA, vol. 39, pp. 1095-1100, 1953.
17. S. Stahl, A Gentle Introduction to Game Theory. American Mathematical Society, 1991.
18. "The development of a meaningful hacker taxonomy: A two dimensional approach," CERIAS Tech Report 2005-2043, Tech. Rep., 2005.
19. E. Jonsson, L. Stromberg, and S. Lindskog, "On the functional relation between security and dependability impairments," in Proceedings of the New Security Paradigms Workshop 1999, Sep. 22-24 1999.
20. R. Ortalo, Y. Deswarte, and M. Kaaniche, "Experimenting with quantitative evaluation tools for monitoring operational security," IEEE Transactions on Software Engineering, vol. 25, no. 5, pp. 633-650, Sept/Oct 1999.
21. B. Littlewood, S. Brocklehurst, N. Fenton, P. Mellor, S. Page, D. Wright, J. Dobson, McDermid J., and D. Goll-mann, "Towards operational measures of computer security," Journal of Computer Security, vol. 2, pp. 211-229, Oct 1993.
22. K. B. B. Madan, K. V. Goseva-Popstojanova, and K. S. Trivedi, "A method for modeling and quantifying the security attributes of intrusion tolerant systems," in Performance Evaluation, vol. 56, 2004.
23. F. Stevens, T. Courtney, S. Singh, A. Agbaria, J. F. Meyer, W. H. Sanders, and P. Pal, "Model-based validation of an intrusion-tolerant information system," in Proceedings of the 23rd Symposium on Reliable Distributed Systems (SRDS 2004), Oct 18-20 2004.
24. K. Sallhammar, B. E. Helvik, and S. J. Knapskog, "Towards a stochastic model for integrated security and dependability evaluation," in Proceedings of the First International Comference on Availability, Reliability and Security (AReS), 2006.
25. C. A. Holt and A. E. Roth, "The Nash equilibrium: A perspective," in Proceedings of the National Academy of Sciences, vol. 101, no. 12, March 23 2004.
26. A. A rnes, K. Sallhammar, K. Haslum, T. Brekne, M. E. G. Moe, and S. J. Knapskog, "Real-time Risk Assessment with Network Sensors and Intrusion Detection Systems," in International Conference on Computational Intelligence and Security (CIS), Dec 2005.