CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Data Collection for Security Fault Forecasting - Pilot Experiment

Tomas Olovsson (Institutionen för datorteknik) ; Erland Jonsson (Institutionen för datorteknik) ; Sarah Brocklehurst ; Bev Littlewood
Predictably Dependable Computing Systems (PDCS) First Year Report p. 515-560. (1993)
[Artikel, refereegranskad vetenskaplig]

In most contexts, it is not feasible to guarantee that a system is 100% secure. Measures and predictions of operational security of computer systems are therefore obviously of interest to any owner of a system which is a candidate for potential intruders. Such measures would allow assessment of current and future expected loss to thesystem owner due to security breaches in a given attacking environment and a given level of protection. In [Littlewood, Brocklehurst et al. 1991] a probabilistic approach to modelling operational security, analogous to that used in reliability, is suggested. It is clear that empirical data would be useful in deriving a plausible probabilistic approach to security modelling. Such data can be acquired experimentally, by allowing a group of selected people to perform security attacks on a given computer system in a controlled way. The attack process can then be monitored and relevant data recorded. This document describes such an experiment. As far as we are aware, this is the first attempt to conduct such an experiment, and our intention was more to explore general feasibility than to collect data that provides significant information for modelling. This pilot experiment did indeed give some valuable information on how future full-scale experiments of this kind should be performed and the results and recommendations for improvements to the experimental set-up are discussed here.

Nyckelord: Security, fault forecasting, data collection, experimentation



Denna post skapades 2013-02-28. Senast ändrad 2015-12-17.
CPL Pubid: 174260

 

Läs direkt!

Lokal fulltext (fritt tillgänglig)


Institutioner (Chalmers)

Institutionen för datorteknik (1985-2001)

Ämnesområden

Data- och informationsvetenskap

Chalmers infrastruktur