Attack-potential-based survivability modeling for high-consequence systems

Proceedings - 3rd IEEE International Workshop on Information Assurance, IWIA 2005

Volumn , Issue , 2005, Pages 119-130

  McDermott, J ^a  

^a NAVAL RESEARCH LABORATORY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

RANDOM PROCESSES;

CONTINGENCY ANALYSIS; HIGH-CONSEQUENCE SYSTEM; QUANTITATIVE MODELS; QUANTITATIVE RESULT; STOCHASTIC PROCESS ALGEBRAS; STOCHASTICS; SURVIVABILITY MODELING;

STOCHASTIC SYSTEMS;

EID: 85070912494     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (25)

1. R. Anderson. Why information security is hard - an economic perspective. In Proc. 17th Annual Computer Security Applications Conference, New Orleans, Louisianna, USA, December 2001. Also available in Chapt. 23 of R. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, 2001.
2. A. Avizenis, J. Laprie, and B. Randell. Fundamental concepts of dependability. In Third Information Survivability Workshop, Boston, MA, October 2000.
3. R. Bazzi and G. Neiger. Simplifying fault-tolerance: providing abstraction of crash failures. JACM, 48(3), May 2001.
4. D. Dolev and A. Yao. On the security of public-key protocols. IEEE Trans. on Information Theory, 29, 1983.
5. S. Donatelli and J. Hillston. A comparison of performance evaluation process algebra and generalized stochastic petri nets. In Proc. Sixth Int. Workshop on Petri Nets and Performance Models, Durham, North Carolina, USA, October 1995.
6. S. Gilmore, J. Hillston, and M. Ribaudo. PEPA nets: a structured performance modeling formalism. In T. Field, P.G. Harrison, J. Bradley, and U. Harder, editors, Proc. 12th Int. Conference on Modelling Tools and Techniques for Computer and Communication System Performance Evaluation., LNCS 2324, London, UK, April 2002. Springer-Verlag.
7. K. Goseva-Popstojanova, F. Wang, R. Wang, F. Gong, K. Vaidyanathan, K. Trivedi, and B. Muthusamy. Characterizing intrusion tolerant systems using a state transition model. In DARPA Information Survivability Conference and Exposition II DISCEX II, Anaheim, California, USA, June 2001.
8. J. Hillston. A Compositional Approach to Performance Modeling. PhD thesis, University of Edinburgh, 1995. CST-107-94, also published by Cambridge University Press 1996.
9. J. Hillston. A Compositional Approach to Performance Modelling. Cambridge University Press, 1996.
10. E. Jonsson and T. Olovssson. A quantitative model of the security intrustion process based on attacker behavior. IEEE Trans. on Software Engineering, 23(4), April 1997.
11. G. Karjoth and J. Posegga. Mobile agents and tel-cos nightmares. Annales des Télécommunications, 55(7/8):29-41, 2000.
12. O. Kolesnikov and W. Lee. Advanced polymorphic worms: Evading IDS by blending in with normal traffic.//http:/www.cc.gatech.edu/-ok/w/ok pw.pdf, Retrieved 9 November 2004.
13. J.-C. Laprie, J. Arlat, J.-P. Blanquart, A. Costes, Y. Crouzet, Y. Deswarte, J.-C. Fabre, H. Guillermain, M. Kâniche, K. Kanoun, C. Mazet, D. Powell, C. Rabéjac, and P. Thévenod. Dependability Guidebook. Cépaduès-Editions, Toulouse, 1995.
14. B. Littlewood, S. Brocklehurst, N. Fenton, P. Mellor, S. Page, D. Wright, J. Dobson, J. McDermid, and D. Gollmann. Towards operational measures of computer security. Journal of Computer Security, 2((2-3)), 1993.
15. R. Ortalo, Y. Deswarte, and M. Kaâniche. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering, 25(5):633-650, Sept.-Oct. 1999.
16. P. Pal, M. Atighetchi, F. Webber, R. Schantz, and C. Jones. Reflections on evaluating survivability: The APOD experiments. In In Proc. 2nd IEEE International Symposium on Network Computing and Applications (NCA-03), Cambridge, MA, USA, April 2003.
17. D. Powell and R. Stroud. Malicious- and accidental-fault tolerance for internet applications: Conceptual model and architecture. Technical report, MAFTIA deliverable D2 (available as LAAS-CNRS Rep. 01426 or University of Newcastle upon Tyne CS-TR-749), November 2001.
18. J. Rochlis and M. Eichin. With microscope and tweezers: the worm from MIT's perspective. CACM, 32:689-698, June 1989.
19. F. Schneider and L. Zhou. Distributed trust: Supporting fault-tolerance and attack-tolerance. Technical Report TR 2004-1924, Cornell Computer Science Department, January 2004. submitted for publication.
20. G. Schudel and B Wood. Adversary work factor as a metric for information assurance. In Proc. New Security Paradigms Workshop, Ballycotton, County Cork, Ireland, September 2000.
21. S. Singh, M. Cukier, and W. Sanders. Probablistic validation of an intrusion-tolerant replication system. In Proc. 2003 Int. Conf. on Dependable Systems and Networks DNS'03, San Francisco, California, USA, June 2003.
22. stealth. Kernel rootkit experiences. Phrack, 0x0b(0x3d):Phile 0x0e, July 2003.
23. F. Stevens, T. Courtney, S. Singh, A. Agbaria, J. Myer, W. Sanders, and P. Pal. Model-based validation of an intrusion-tolerant information system. In 23rd IEEE Int. Sym. on Reliable Distributed Systems (SRDS04), pages 184-194, Florianpolis, Brazil, October 2004.
24. K. Tan, J. McHugh, and K. Killourhy. Hiding intrusions: From the abnormal to the normal and beyond. In F. Petitcolas, editor, Information Hiding 2002 LNCS 2578, pages 1-17. Springer-Verlag, 2003.
25. K. Thompson. Reflections on trusting trust. CACM, 27(8), August 1984.