16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008) (2014)
Torino, Italy Italy
Feb. 12, 2014 to Feb. 14, 2014
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PDP.2014.105
We present an assessment of ICT systems that merges a scenario approach and a Monte Carlo method. To automate the assessment, we have developed two tools. The first one builds a formal description of the vulnerabilities in the target system and of the attacks they enable. Starting from this description, the second tool consider each scenario of interest and it simulate several times how intelligent and adaptive threat agents compose these attacks to reach some goals. By collecting samples in these simulations, this tool returns a database to compute statistics of interest for the assessment, such as the success probability of the agents or their average impacts. After outlining the design of the tools, we discuss a test case to show how they are exploited in a real assessment to manage the corresponding risk.
Databases, Computational modeling, Topology, Monte Carlo methods, Probability, Complexity theory, Accuracy
F. Baiardi, F. Coro, F. Tonelli and D. Sgandurra, "A Scenario Method to Automatically Assess ICT Risk," 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008)(PDP), Torino, Italy Italy, 2014, pp. 544-551.