Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models
2009 (English)In: Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS, x , 2009Conference paper (Refereed)
To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian statistics based Extended Influence Diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an abstract model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss of these given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that are accompanied to the analyses. In architectural analysis there are uncertainties acquainted both to the scenario and its properties, as well as to the analysis framework that stipulates how security countermeasures contribute to cyber security.
Place, publisher, year, edition, pages
x , 2009.
Electrical Engineering, Electronic Engineering, Information Engineering
IdentifiersURN: urn:nbn:se:kth:diva-80665DOI: 10.1109/HICSS.2009.141ScopusID: 2-s2.0-78650760661ISBN: 978-076953450-3OAI: oai:DiVA.org:kth-80665DiVA: diva2:496594
42nd Annual Hawaii International Conference on System Sciences, HICSS; Waikoloa, HI; United States; 5 January 2009 through 9 January 2009
QC 201507082012-02-102012-02-102015-07-08Bibliographically approved