

Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles
Authors: Lars Grunske, David Joyce
Affiliation: University of Queensland, School of ITEE/ARC Centre for Complex Systems, 4072 Brisbane, Australia
Abstract: Systems and software architects require quantitative dependability evaluations, which allow them to compare the effect of their design decisions on dependability properties. For security, however, quantitative evaluations have proven difficult, especially for component-based systems. In this paper, we present a risk-based approach that creates modular attack trees for each component in the system. These modular attack trees are specified as parametric constraints, which allow quantifying the probability of security breaches that occur due to internal component vulnerabilities as well as vulnerabilities in the component’s deployment environment. In the second case, attack probabilities are passed between system components as appropriate to model attacks that exploit vulnerabilities in multiple system components. The probability of a successful attack is determined with respect to a set of attack profiles that are chosen to represent potential attackers and corresponding environmental conditions. Based on these attack probabilities and the structure of the modular attack trees, risk measures can be estimated for the complete system and compared with the tolerable risk demanded by stakeholders. The practicability of this approach is demonstrated with an example that evaluates the confidentiality of a distributed document management system.
Keywords: Model-driven security evaluation; SysML; Parametric constraints; Risk; Confidentiality; Composability; Secrecy; Privacy; Component-based systems engineering; Quantitative evaluation
This article is indexed in ScienceDirect and other databases.