Value Driven Security Threat Modeling Based on Attack Path Analysis

H
HICSS
2007
40th Annual Hawaii International Conference on System Sciences (HICSS'07)
Abstract - Value Driven Security Threat Modeling Based on Attack Path Analysis

	This Article
	PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yue Chen Articles by Barry Boehm Articles by Luke Sheppard

40th Annual Hawaii International Conference on System Sciences (HICSS'07)

Value Driven Security Threat Modeling Based on Attack Path Analysis (PDF)

Big Island, Hawaii

January 03-January 06

ISBN: 0-7695-2755-8

	ASCII Text	x
	Yue Chen, Barry Boehm, Luke Sheppard, "Value Driven Security Threat Modeling Based on Attack Path Analysis," Hawaii International Conference on System Sciences, pp. 280a, 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007.

	BibTex	x
	@article{ 10.1109/HICSS.2007.601, author = {Yue Chen and Barry Boehm and Luke Sheppard}, title = {Value Driven Security Threat Modeling Based on Attack Path Analysis}, journal ={Hawaii International Conference on System Sciences}, volume = {0}, year = {2007}, issn = {1530-1605}, pages = {280a}, doi = {http://doi.ieeecomputersociety.org/10.1109/HICSS.2007.601}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hawaii International Conference on System Sciences TI - Value Driven Security Threat Modeling Based on Attack Path Analysis SN - 1530-1605 SP EP A1 - Yue Chen, A1 - Barry Boehm, A1 - Luke Sheppard, PY - 2007 KW - null VL - 0 JA - Hawaii International Conference on System Sciences ER -

Yue Chen, University of Southern California, Los Angeles, USA

Barry Boehm, University of Southern California, Los Angeles, USA

Luke Sheppard, University of Southern California, Los Angeles, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HICSS.2007.601

This paper presents a quantitative threat modeling method, the Threat Modeling method based on Attack Path Analysis (T-MAP), which quantifies security threats by calculating the total severity weights of relevant Attack Paths for Commercial Off The Shelf (COTS) systems. Compared to existing approaches, TMAP is sensitive to an organization?s business value priorities and IT environment. It distills the technical details of thousands of relevant software vulnerabilities into management-friendly numbers at a high-level. T-MAP can help system designers evaluate the security performance of COTS systems and analyze the effectiveness of security practices. In the case study, we demonstrate the steps of using T-MAP to analyze the cost-effectiveness of how system patching and upgrades can improve security. In addition, we introduce a software tool that automates the T-MAP.

Citation:

Yue Chen, Barry Boehm, Luke Sheppard, "Value Driven Security Threat Modeling Based on Attack Path Analysis," hicss, pp.280a, 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.