Experimenting with quantitative evaluation tools for monitoring operational security
R Ortalo, Y Deswarte… - IEEE Transactions on …, 1999 - ieeexplore.ieee.org
This paper presents the results of an experiment in security evaluation. The system is
modeled as a privilege graph that exhibits its security vulnerabilities. Quantitative measures …
modeled as a privilege graph that exhibits its security vulnerabilities. Quantitative measures …
[PDF][PDF] Quantitative assessment of operational security: Models and tools
M Dacier, Y Deswarte, M Kaâniche - … , ed. by SK Katsikas and D …, 1996 - researchgate.net
This paper proposes a novel approach to help computing system administrators in
monitoring the security of their systems. This approach is based on modeling the system as …
monitoring the security of their systems. This approach is based on modeling the system as …
[图书][B] Models and tools for quantitative assessment of operational security
M Dacier, Y Deswarte, M Kaâniche - 1996 - Springer
This paper proposes a novel approach to help computing system administrators in
monitoring the security of their systems. The approach is based on modeling the system as a …
monitoring the security of their systems. The approach is based on modeling the system as a …
Security modeling and analysis
J Bau, JC Mitchell - IEEE Security & Privacy, 2011 - ieeexplore.ieee.org
Security modeling centers on identifying system behavior, including any security defenses;
the system adversary's power; and the properties that constitute system security. Once a …
the system adversary's power; and the properties that constitute system security. Once a …
[PDF][PDF] A sound and practical approach to quantifying security risk in enterprise networks
J Homer, X Ou, D Schmidt - Kansas State University Technical Report, 2009 - Citeseer
Mitigation of security risk is an important task in enterprise network security management.
However it is presently a skill acquired by individual experience, more an art than a science …
However it is presently a skill acquired by individual experience, more an art than a science …
[PDF][PDF] Toward a secure system engineering methodolgy
C Salter, OS Saydjari, B Schneier… - Proceedings of the 1998 …, 1998 - dl.acm.org
This paper presents a methodology for enumerating the vuinerabilities of a system, and
determining what countermeasures can best close those vulnerabilities. We first describe …
determining what countermeasures can best close those vulnerabilities. We first describe …
Model-based analysis of configuration vulnerabilities
CR Ramakrishnan, R Sekar - Journal of Computer Security, 2002 - content.iospress.com
Model-based analysis of configuration vulnerabilities1 Page 1 Journal of Computer Security
10 (2002) 189–209 189 IOS Press Model-based analysis of configuration vulnerabilities1 CR …
10 (2002) 189–209 189 IOS Press Model-based analysis of configuration vulnerabilities1 CR …
[PDF][PDF] Towards a framework for security measurement
C Wang, WA Wulf - 20th National Information Systems Security …, 1997 - csrc.nist.gov
We are living in an era when computer technology constantly changes our lives. While
placing unprecedented reliance on computers and digital systems, we continue to have a …
placing unprecedented reliance on computers and digital systems, we continue to have a …
Assessing the risk of using vulnerable components
D Balzarotti, M Monga, S Sicari - Quality of Protection: Security …, 2006 - Springer
This paper discusses how information about the architecture and the vulnerabilities affecting
a distributed system can be used to quantitatively assess the risk to which the system is …
a distributed system can be used to quantitatively assess the risk to which the system is …
A weakest-adversary security metric for network configuration security analysis
J Pamula, S Jajodia, P Ammann… - Proceedings of the 2nd …, 2006 - dl.acm.org
A security metric measures or assesses the extent to which a system meets its security
objectives. Since meaningful quantitative security metrics are largely unavailable, the …
objectives. Since meaningful quantitative security metrics are largely unavailable, the …