State space approach to security quantification

Christopher Griffin; Bharat Madan; Kishor Trivedi

doi:10.1109/COMPSAC.2005.145

State space approach to security quantification

Christopher Griffin, Bharat Madan, Kishor Trivedi

Applied Research Laboratory (ARL)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

In this paper, we describe three different state space models for analyzing the security of a software system. In the first part of this paper, we utilize a semi-Markov Process (SMP) to model the transitions between the security states of an abstract software system. The SMP model can be solved to obtain the probability of reaching security failed states along with the mean-time to security failure (MTTSF). In the second part of the paper, we use a discrete event dynamic system model of security dynamics. We show how to derive events and transitions from existing security taxonomies. We then apply theory of discrete event control to define safety properties of the computer system in terms of the basic concepts of controllability used in discrete event control for two special sublanguages K_S and K_V. These languages correspond to maximally robust controllable sub-languages. In the third approach, we show that by associating cost with the state transitions, the security quantification problem can be casted as Markov decision problem (MDP). This MDP can be solved to obtain an optimal controllable language K _S* ⊆K_s the gives the minimal cost safe security policy.

Original language	English (US)
Title of host publication	Proceedings of the 29th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts, COMPSAC 2005
Pages	83-88
Number of pages	6
DOIs	https://doi.org/10.1109/COMPSAC.2005.145
State	Published - Dec 1 2005
Event	29th Annual International Computer Software and Applications Conference, COMPSAC 2005 - Edinburgh, Scotland, United Kingdom Duration: Jul 26 2005 → Jul 28 2005

Publication series

Name	Proceedings - International Computer Software and Applications Conference
Volume	2
ISSN (Print)	0730-3157

Conference

Conference	29th Annual International Computer Software and Applications Conference, COMPSAC 2005
Country	United Kingdom
City	Edinburgh, Scotland
Period	7/26/05 → 7/28/05

All Science Journal Classification (ASJC) codes

Software
Computer Science Applications

Access to Document

10.1109/COMPSAC.2005.145

Fingerprint Dive into the research topics of 'State space approach to security quantification'. Together they form a unique fingerprint.

Cite this

Griffin, C., Madan, B., & Trivedi, K. (2005). State space approach to security quantification. In Proceedings of the 29th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts, COMPSAC 2005 (pp. 83-88). [1508089] (Proceedings - International Computer Software and Applications Conference; Vol. 2). https://doi.org/10.1109/COMPSAC.2005.145

@inproceedings{436dab4250f246e9a2207d247bc226da,

title = "State space approach to security quantification",

abstract = "In this paper, we describe three different state space models for analyzing the security of a software system. In the first part of this paper, we utilize a semi-Markov Process (SMP) to model the transitions between the security states of an abstract software system. The SMP model can be solved to obtain the probability of reaching security failed states along with the mean-time to security failure (MTTSF). In the second part of the paper, we use a discrete event dynamic system model of security dynamics. We show how to derive events and transitions from existing security taxonomies. We then apply theory of discrete event control to define safety properties of the computer system in terms of the basic concepts of controllability used in discrete event control for two special sublanguages KS and KV. These languages correspond to maximally robust controllable sub-languages. In the third approach, we show that by associating cost with the state transitions, the security quantification problem can be casted as Markov decision problem (MDP). This MDP can be solved to obtain an optimal controllable language K S* ⊆Ks the gives the minimal cost safe security policy.",

author = "Christopher Griffin and Bharat Madan and Kishor Trivedi",

year = "2005",

month = dec,

day = "1",

doi = "10.1109/COMPSAC.2005.145",

language = "English (US)",

isbn = "0769522092",

series = "Proceedings - International Computer Software and Applications Conference",

pages = "83--88",

booktitle = "Proceedings of the 29th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts, COMPSAC 2005",

note = "29th Annual International Computer Software and Applications Conference, COMPSAC 2005 ; Conference date: 26-07-2005 Through 28-07-2005",

}

Griffin, C, Madan, B & Trivedi, K 2005, State space approach to security quantification. in Proceedings of the 29th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts, COMPSAC 2005., 1508089, Proceedings - International Computer Software and Applications Conference, vol. 2, pp. 83-88, 29th Annual International Computer Software and Applications Conference, COMPSAC 2005, Edinburgh, Scotland, United Kingdom, 7/26/05. https://doi.org/10.1109/COMPSAC.2005.145

State space approach to security quantification. / Griffin, Christopher; Madan, Bharat; Trivedi, Kishor.

Proceedings of the 29th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts, COMPSAC 2005. 2005. p. 83-88 1508089 (Proceedings - International Computer Software and Applications Conference; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - State space approach to security quantification

AU - Griffin, Christopher

AU - Madan, Bharat

AU - Trivedi, Kishor

PY - 2005/12/1

Y1 - 2005/12/1

N2 - In this paper, we describe three different state space models for analyzing the security of a software system. In the first part of this paper, we utilize a semi-Markov Process (SMP) to model the transitions between the security states of an abstract software system. The SMP model can be solved to obtain the probability of reaching security failed states along with the mean-time to security failure (MTTSF). In the second part of the paper, we use a discrete event dynamic system model of security dynamics. We show how to derive events and transitions from existing security taxonomies. We then apply theory of discrete event control to define safety properties of the computer system in terms of the basic concepts of controllability used in discrete event control for two special sublanguages KS and KV. These languages correspond to maximally robust controllable sub-languages. In the third approach, we show that by associating cost with the state transitions, the security quantification problem can be casted as Markov decision problem (MDP). This MDP can be solved to obtain an optimal controllable language K S* ⊆Ks the gives the minimal cost safe security policy.

AB - In this paper, we describe three different state space models for analyzing the security of a software system. In the first part of this paper, we utilize a semi-Markov Process (SMP) to model the transitions between the security states of an abstract software system. The SMP model can be solved to obtain the probability of reaching security failed states along with the mean-time to security failure (MTTSF). In the second part of the paper, we use a discrete event dynamic system model of security dynamics. We show how to derive events and transitions from existing security taxonomies. We then apply theory of discrete event control to define safety properties of the computer system in terms of the basic concepts of controllability used in discrete event control for two special sublanguages KS and KV. These languages correspond to maximally robust controllable sub-languages. In the third approach, we show that by associating cost with the state transitions, the security quantification problem can be casted as Markov decision problem (MDP). This MDP can be solved to obtain an optimal controllable language K S* ⊆Ks the gives the minimal cost safe security policy.

UR - http://www.scopus.com/inward/record.url?scp=34248553830&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34248553830&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2005.145

DO - 10.1109/COMPSAC.2005.145

M3 - Conference contribution

AN - SCOPUS:34248553830

SN - 0769522092

SN - 9780769522098

T3 - Proceedings - International Computer Software and Applications Conference

SP - 83

EP - 88

BT - Proceedings of the 29th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts, COMPSAC 2005

T2 - 29th Annual International Computer Software and Applications Conference, COMPSAC 2005

Y2 - 26 July 2005 through 28 July 2005

ER -