Computer Communications (1873703X)52pp. 47-59
In this paper, we propose a new approach for quantitative security analysis of computer systems. We intend to derive a metric of how much private information about a computer system can be disclosed to attackers. In fact, we want to introduce a methodology in order to be able to quantify our intuitive interpretation of how attackers act and how much they are predictable. This metric can be considered as an appropriate indicator for quantifying the security level of computer systems. We call the metric "Mean Privacy" and suggest a method for its quantification. It is quantified by using an information-theoretic model. For this purpose, we utilize a variant of attack tree that is able to systematically represent all feasible malicious attacks that are performed to violate the security of a system. The attack tree, as the underlying attack model, will be parameterized with some probability mass functions. The quantitative model will be used to express our intuition of the complexity of the attacks quantitatively. The usefulness of the proposed model lies in the context of security analysis. In fact, the analysis approach can be employed in some ways: Among several options for a system, we can indicate the most secure one using the metric as a comparative indicator. The security analysis of systems that operate under a variety of anticipated attack plans and different interaction environments can be carried out. Finally, new security policies, countermeasures and strategies can be applied to increase the security level of the systems. © 2014 Elsevier B.V. All rights reserved.
Computer Networks (13891286)57(10)pp. 2159-2180
To trust a computer system that is supposed to be secure, it is necessary to predict the degree to which the system's security level can be achieved when operating in a specific environment under cyber attacks. In this paper, we propose a state-based stochastic model for obtaining quantitative security metrics representing the level of a system's security. The main focus of the study is on how to model the progression of an attack process over time. The basic assumption of our model is that the time parameter plays the essential role in capturing the nature of an attack process. In practice, the attack process will terminate successfully, possibly after a number of unsuccessful attempts. What is important is, indeed, the estimation of how long it takes to be conducted. The proposed stochastic model is parameterized based on a suitable definition of time distributions describing attacker's actions and system's reactions over time. For this purpose, probability distribution functions are defined and assigned to transitions of the model for characterizing the temporal aspects of the attacker and system behavior. With the definition of the distributions, the stochastic model will be recognized to be a semi-Markov chain. This mathematical model will be analytically solved to calculate the desirable quantitative security metrics, such as mean time to security failure and steady-state security. The proposed method shows a systematic development of the stochastic modeling techniques and concepts, used frequently in the area of dependability evaluation, for attack process modeling. Like any other modeling method, the proposed model is also constructed based on some underlying assumptions, which are specific to the context of security analysis. © 2013 Elsevier B.V. All rights reserved.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (03029743)5430pp. 200-214
The aim is to propose a new approach for stochastic modeling of an intrusion process and quantitative evaluation of the probability of the attacker success. In many situations of security analysis, it is necessary to obtain the probabilities of success for attackers in an intrusion process. In the proposed method, the intrusion process is considered as elementary attack phases. In each atomic phase the attacker and the system interact and this interaction can transfer the current system state to a secure or failure state. Intrusion process modeling is done by a semi-Markov chain (SMC). The distribution functions assigned to the SMC transitions are a linear combination of some uniform distributions. These mixture distributions represent the time distribution of the attacker or the system in the transient states. In order to evaluate the security measure, the SMC is converted into a discrete-time Markov chain (DTMC) and then the resulting DTMC is analyzed and the probability of the attacker success is com uted based on mathematical theorems. The desired security measure is evaluated with respect to the temporal aspects of the attacker behavior. ©Springer-Verlag Berlin Heidelberg 2009.
The aim is to develop a suitable method for quantifying security. We use stochastic modeling techniques for this purpose. An intrusion process is considered as a series of elementary attack phases and at each phase the interactions between the attacker and the system are analyzed rigorously. It is assumed that a typical attacker needs some time to perform an elementary attack phase. On the other hand, it is assumed that the attacker may be detected by the system and thus the overall intrusion process is interrupted. The attacker skill level and the system's abilities are characterized by the uniform distribution functions assigned to the transitions of the model. The underlying stochastic model is recognized as a semi- Markov chain. For security analysis, some valid assumptions about intrusion process are considered. Also, two quantitative security measures are defined and evaluated based on the model. The proposed method is demonstrated by modeling a complicated attack process and evaluating the desired security measures © 2009 IEEE.
Security quantification is a topic that has gained a lot of interest in the research community during the recent years. In this paper, a new method is proposed for modeling and quantifying attack effects on a computer system. In this work, intrusion process is considered as atomic sequential steps. Each atomic step changes the current system state. On the other hand, system tries to prevent and detect the attacker activity and therefore can transfer the current system state to a secure state. Intrusion process modeling is done by a semi-Markov chain (SMC). Distribution functions assigned to SMC transitions are uniform distributions. Uniform distributions represent the sojourn time of the attacker or the system in the transient states. Then the SMC is converted into a discrete-time Markov chain (DTMC). The DTMC is analyzed and then the probability of attacker success is computed based on mathematical theorems. The SMC has two absorbing for representing success and failure states of intrusion process.©2008 IEEE.
