Abstract | ||
---|---|---|
In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization. Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1109/HICSS.2014.597 | HICSS |
Keywords | Field | DocType |
developed approach,attack simulation,conceptual security knowledge modeling,security control,technical approach,behavioral modeling,evolutionary optimization,benefit objective,evolving secure information systems,behavioral perspective,evolutionary approach,complex information system,evolutionary computation | Security testing,Vulnerability (computing),Security controls,Security through obscurity,Computer science,Computer security,Asset (computer security),Cloud computing security,Security information and event management,Management science,Computer security model | Conference |
ISSN | Citations | PageRank |
1060-3425 | 3 | 0.39 |
References | Authors | |
10 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Elmar Kiesling | 1 | 82 | 11.47 |
Andreas Ekelhart | 2 | 317 | 33.03 |
Bernhard Grill | 3 | 15 | 2.81 |
Christian Stummer | 4 | 567 | 39.96 |
Christine Strauss | 5 | 501 | 44.68 |