Beiträge in Tagungsbänden:
E. Kiesling, A. Ekelhart, B. Grill, C. Stummer, C. Strauss:
"Evolving Secure Information Systems through Attack Simulation";
in: "Proceedings of the 47th Hawaii International Conference on System Science",
IEEE Computer Society,
2014,
978-1-4799-2504-9/14,
S. 4868
- 4877.
Kurzfassung englisch:
In this paper, we introduce a simulation-based,
evolutionary approach for analyzing and improving
the security of complex information systems. Rather
than following a purely technical approach, we bring
in a social and behavioral perspective through a
combination of conceptual security knowledge
modeling, behavioral modeling of threat agents,
simulation of attacks, and evolutionary optimization.
Based on results from numerous attack simulations
for various internal and external attackers, metrics
such as impact on confidentiality, availability, and
integrity of the simulated attacks are monitored and
efficient sets of security controls with respect to
multiple risk, cost and benefit objectives are
determined. We describe the developed approach as
well as a prototypical implementation and demonstrate
its applicability by means of an illustrative example.
"Offizielle" elektronische Version der Publikation (entsprechend ihrem Digital Object Identifier - DOI)
http://dx.doi.org/10.1109/HICSS.2014.597
Erstellt aus der Publikationsdatenbank der Technischen Universität Wien.