Assessing the risk of an information infrastructure through security dependencies

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4347 LNCS, Issue , 2006, Pages 42-54

  Baiardi, F ^a   Suin, S ^a   Telmon, C ^a   Pioli, M ^b  

^a UNIVERSITY OF PISA   (Italy)

^b ENEL   (Italy)

Author keywords

Countermeasure; Mitigation plan; Ranking; Risk assessment; Vulnerability

Indexed keywords

ABSTRACTION LEVEL; ATTACK STRATEGIES; COUNTERMEASURE; INFORMATION INFRASTRUCTURES; MITIGATION PLANS; RANKING; SECURITY ATTRIBUTES; VULNERABILITY;

CRITICAL INFRASTRUCTURES;

RISK ASSESSMENT;

EID: 80053192249     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11962977_4     Document Type: Conference Paper

References (21)

1. C. Alberts, A. Dorofee, Managing Information Security Risks. Addison-Wesley, 2002.
2. P. Ammann, et al. Scalable, Graph-based Network Vulnerability Analysis, 9th ACM Conf. on Computer and Communications security, Nov. 2002, Washington, DC, USA
3. R.J. Anderson Security Engineering A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2001.
4. F. Baiardi, et al. Constrained Automata: a Formal Tool for ICT Risk Assessment, NATO Advanced Research Workshop on Information Security and Assurance, Marocco, June 2005
5. B. Barber, J. Davey, The use of the CCTA risk analysis and management methodology CRAMM. Proc. MEDINFO92, North Holland, 1589 pp.1593, 1992.
6. CORAS: A platform for risk analysis of security critical systems. IST-2000-25031, 2000.
7. J. Dawkins, C. Campbell, J. Hale, Modeling Network Attacks: Extending the Attack Tree Paradigm, Statistical and Machine Learning in Computer Intrusion Detection, June 2002.
8. L. Gordon, M. Loeb. The economics of information security investment. ACM Trans. on Information and System Security 5(4) 2002. pp.438-457.
9. R.P. Lipmann, K.W. Ingols, An Annotated Review of Past Paper on Attack Graphs, Project Report, Lincoln Lab. MIT, March 2005.
10. IEC 1025: 1990 Fault tree analysis (FTA).
11. S. Jha, O. Sheyner, J. Wing, Two Formal Analysis of Attack Graphs, 15th IEEE Computer Security Foundations Workshop, p.49, June 2002.
12. P. Moore, R. J. Ellison, R. C. Linger, Attack modeling for information security and survivability, CMU/SEI-2001-TN001.
13. National Infrastructure Advisory Council, The Common Vulnerability Scoring System, Final Report and Recomandations, Oct. 2004
14. P. Ning, et al., Constructing attack scenarios through correlation of intrusion alerts, 9th ACM Conf. on Computer and Communications Security, Nov. 2002, Washington, DC, USA.
15. C. Phillips, L. Painton Swiler, A graph-based system for network-vulnerability analysis, Workshop on New Security Paradigms, p.71-79, Sept.1998.
16. R. Ritchey, et al., Representing TCP/IP Connectivity For Topological Analysis of Network Security, 18th Annual Computer Security Applications Conf, p.25, Dec. 2002.
17. S. Russell, P. Norving, Artificial Intelligence: a Modern Approach, Prentice Hall, 2003
18. O. Sheyner, et al., Automated Generation and Analysis of Attack Graphs, Proc. of the 2002 IEEE Symposium on Security and Privacy, May 12-15, 2002.
19. O. M. Sheyner, Scenario Graphs and Attack Graphs, CMU-CS-04-122, 2004.
20. L.P. Swiler, C. Phillips, D. Ellis, S. Chakerian, Computer-Attack Graph Generation Tool, Proc. of the DARPA Information Survivability Conf, June 2001.
21. V. Swarup, S. Jajodia, J. Pamula, Rule-Based Topological Vulnerability Analysis, 3rd Int. Wor. on Math. Methods, Models and Arc. for Network Security, S. Petersburg Sept. 2005.