IDEALS Home University of Illinois at Urbana-Champaign logo The Alma Mater The Main Quad

Adversary-driven state-based system security evaluation

Show full item record

Bookmark or cite this item: http://hdl.handle.net/2142/29707

Files in this item

File Description Format
PDF LeMay_Elizabeth.pdf (3MB) (no description provided) PDF
Title: Adversary-driven state-based system security evaluation
Author(s): Lemay, Elizabeth
Advisor(s): Sanders, William H.
Contributor(s): Nicol, David M.; Loui, Michael C.; Borisov, Nikita
Department / Program: Electrical & Computer Eng
Discipline: Electrical & Computer Engr
Degree Granting Institution: University of Illinois at Urbana-Champaign
Degree: Ph.D.
Genre: Doctoral
Subject(s): model-based quantitative security metrics system security analysis attack execution graph executable security models attack step decision function state look-ahead tree ADversary VIew Security Evaluation (ADVISE) method
Abstract: Quantitative metrics can aid decision-makers in making informed trade-off decisions. In system-level security decisions, quantitative security metrics allow decision-makers to compare the relative security of different system configurations. To produce model-based quantitative security metrics, we have formally defined and implemented the ADversary VIew Security Evaluation (ADVISE) method. Our approach is to create an executable state-based security model of a system and an adversary that represents how the adversary is likely to attack the system and the likely results of such an attack. In an ADVISE model, attack steps are precisely defined and organized into an attack execution graph, and an adversary profile captures a particular adversary's attack preferences and attack goals. We create executable security models that combine information from the attack execution graph, the adversary profile, and the desired security metrics to produce quantitative metrics data. The ADVISE model execution algorithms use the adversary profile and the attack execution graph to simulate how the adversary is likely to attack the system. The adversary selects the best next attack step by evaluating the attractiveness of several attack steps, considering cost, payoff, and the probability of detection. The attack step decision function compares the attractiveness of different attack steps by incorporating the adversary's attack preferences and attack goals. The attack step decision function uses a state look-ahead tree to recursively compute how future attack decisions influence the attractiveness values of the current attack step options. To efficiently produce quantitative model-based security metrics, the ADVISE method has been implemented in a tool that facilitates user input of system and adversary data and automatically generates executable models. The tool was used in two case studies that illustrate how to analyze the security of a system using the ADVISE method. The case studies demonstrate the feasibility of ADVISE and provide an example of the type of security analysis that ADVISE enables. The ADVISE method aggregates security-relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions. System architects can use ADVISE models to compare the security strength of system architecture variants and analyze the threats posed by different adversaries.
Issue Date: 2012-02-06
Genre: thesis
URI: http://hdl.handle.net/2142/29707
Rights Information: Copyright 2011 Elizabeth Anne LeMay
Date Available in IDEALS: 2012-02-06
Date Deposited: 2011-12
 

This item appears in the following Collection(s)

Show full item record

Item Statistics

  • Total Downloads: 88
  • Downloads this Month: 5
  • Downloads Today: 0

Browse

My Account

Information

Access Key