Experimenting with quantitative evaluation tools for monitoring operational security

Authors: R. Ortalo, Y. Deswarte, M. Kaaniche

DOI: 10.1109/32.815323

Keywords: Security service, Standard of Good Practice, Asset (computer security), Risk analysis (engineering), Computer science, Reliability engineering, Covert channel, Information security audit, Vulnerability, Network security policy, Security through obscurity, Information security, Logical security, Security testing, Cloud computing security, Operations security, Computer security model, Software security assurance, Exploit, Security information and event management

Abstract: This paper presents the results of an experiment in security evaluation. The system is modeled as a privilege graph that exhibits its vulnerabilities. Quantitative measures that estimate the effort an attacker might expend to exploit these vulnerabilities to defeat the security objectives are proposed. A set of tools has been developed to compute such measures and has been used to monitor a large real system for nearly two years. The experimental results are presented and their validity is discussed. Finally, the practical usefulness of such tools for operational security monitoring is shown and a comparison with other existing approaches is given.
