Contributions to Proceedings:
E. Kiesling, A. Ekelhart, B. Grill, C. Stummer, C. Strauss:
"Evolving Secure Information Systems through Attack Simulation";
in: "Proceedings of the 47th Hawaii International Conference on System Science",
IEEE Computer Society,

In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization. Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example.

Created from the Publication Database of the Vienna University of Technology.