Model-Based Evaluation: From Dependability to Security
January-March 2004 (vol. 1 no. 1)
pp. 48-65
The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques is now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
Index Terms:
Dependability evaluation, security evaluation, performability evaluation, stochastic modeling.
Citation:
David M. Nicol, William H. Sanders, Kishor S. Trivedi, "Model-Based Evaluation: From Dependability to Security," IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 1, pp. 48-65, Jan.-Mar. 2004, doi:10.1109/TDSC.2004.11