CPL - Chalmers Publication Library

An Attempt to Quantitative Modelling of Behavioural Security

Erland Jonsson (Department of Computer Engineering) ; Mikael Andersson (Department of Mathematics) ; Søren Asmussen
Proceedings of the 11th International Information Security Conference - IFIP/SEC 1995 Vol. addendum (1995), p. 44-57.
[Article, peer-reviewed scientific]

This paper suggests a quantitative approach to security, and specifically to a security concept that is regarded as an attribute of dependability, together with reliability, availability and safety. We note that security is a more complex attribute of dependability than the other three, and that it can therefore be split into preventive and behavioural aspects. We show that, in addition to availability, confidentiality could be used to denote a new type of behavioural aspect of dependability. Integrity is interpreted in terms of fault prevention, and is not directly related to system behaviour. A practical measure for behavioural dependability attributes, including confidentiality, is defined. Because we take a dependability viewpoint of security, the measure can be derived using traditional reliability methods, such as Markov modelling. The measure is meant for practical trade-offs within a class of computer systems. It quantifies system performance on user-specified service levels, which may be operational or failed. Certain levels may be related to confidentiality degradations or confidentiality failures. A simple Reference Monitor example is given to illustrate the use of the measure. The calculation method is then extended, by means of phase-type modelling, to handle situations with non-exponential failure rates, which is the normal case in security applications. This is illustrated by introducing malicious software, such as a Trojan Horse, into the Reference Monitor.

Keywords: behavioural security, dependability, measure, Markov modelling, computer system



This record was created 2013-02-28. Last modified 2013-02-28.
CPL Pubid: 174253

 

Read directly!

Local full text (freely available)


Departments (Chalmers)

Department of Computer Engineering (1985-2001)
Department of Mathematics (1987-2001)

Subject areas

Computer and information science
