Issue No. 01 - January-February (2011 vol. 8)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.75
Xiaohu Li , University of Texas at San Antonio, San Antonio
Timothy Paul Parker , University of Texas at San Antonio, San Antonio
Shouhuai Xu , University of Texas at San Antonio, San Antonio
Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system: 1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.
Security modeling, quantitative security analysis, vulnerability graph, networked systems, security metric.
S. Xu, T. P. Parker and X. Li, "A Stochastic Model for Quantitative Security Analyses of Networked Systems," in IEEE Transactions on Dependable and Secure Computing, vol. 8, no. , pp. 28-43, 2008.