Title
No free lunch in cyber security
Abstract
Confidentiality, integrity and availability (CIA) are traditionally considered to be the three core goals of cyber security. By developing probabilistic models of these security goals we show that: the CIA goals are actually specific operating points in a continuum of possible mission security requirements; component diversity, including certain types of Moving Target Defenses, versus component hardening as security strategies can be quantitatively evaluated; approaches for diversity can be formalized into a rigorous taxonomy. Such considerations are particularly relevant for so-called Moving Target Defense (MTD) approaches that seek to adapt or randomize computer resources in a way to delay or defeat attackers. In particular, we explore tradeoffs between confidentiality and availability in such systems that suggest improvements in one may come at the expense of the other. In other words, there is "No Free Lunch" in cyber security.
Year
2014
DOI
10.1145/2663474.2663475
Venue
MTD@CCS
Keywords
security metrics, availability, formal models, diversity, confidentiality, moving targets, integrity, unauthorized access
Field
Security through obscurity, Confidentiality, Asset (computer security), Computer security, No free lunch in search and optimization, Security service, Engineering, Countermeasure (computer), Computer security model, Neurosecurity
DocType
Conference
Citations
5
PageRank
0.53
References
5
Authors
2
Name            Order  Citations  PageRank
George Cybenko  1      1093       148.24
Jeff Hughes     2      5          0.87