Abstract | ||
---|---|---|
We present an assessment of ICT systems that merges a scenario approach and a Monte Carlo method. To automate the assessment, we have developed two tools. The first one builds a formal description of the vulnerabilities in the target system and of the attacks they enable. Starting from this description, the second tool consider each scenario of interest and it simulate several times how intelligent and adaptive threat agents compose these attacks to reach some goals. By collecting samples in these simulations, this tool returns a database to compute statistics of interest for the assessment, such as the success probability of the agents or their average impacts. After outlining the design of the tools, we discuss a test case to show how they are exploited in a real assessment to manage the corresponding risk. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1109/PDP.2014.105 | Parallel, Distributed and Network-Based Processing |
Keywords | Field | DocType |
Monte Carlo methods,multi-agent systems,security of data,ICT systems assessment,Monte Carlo method,adaptive threat agent,formal description,intelligent agent,target system vulnerabilities,Monte Carlo method,intelligent threat agent,risk assessment,vulnerability assessment,vulnerability scanning | Monte Carlo method,Software engineering,Computer science,Computer security,Vulnerability assessment,Risk assessment,Multi-agent system,Formal description,Information and Communications Technology,Vulnerability scanning,Distributed computing,Vulnerability | Conference |
ISSN | Citations | PageRank |
1066-6192 | 6 | 0.44 |
References | Authors | |
13 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Fabrizio Baiardi | 1 | 82 | 7.91 |
Fabio Cor貌 | 2 | 6 | 0.44 |
Federico Tonelli | 3 | 8 | 0.82 |
Daniele Sgandurra | 4 | 6 | 1.80 |