Quantitative Security Risk Modeling and Analysis with RisQFLan
نویسندگان
چکیده
Domain-specific quantitative modeling and analysis approaches are fundamental in scenarios which qualitative inappropriate or unfeasible. In this paper, we present a tool-supported approach to graph-based security risk based on attack-defense trees. Our is QFLan, successful domain-specific support of highly configurable systems, whose components have been decoupled facilitate the instantiation QFLan domain analysis. incorporates distinctive features from three popular kinds attack trees, namely enhanced capabilities-based trees countermeasure into language. The result new framework, called RisQFLan, diagrams. By offering either exact statistical verification probabilistic scenarios, RisQFLan constitutes significant novel contribution existing toolsets that domain. We validate our by highlighting additional offered illustrative case studies seminal
منابع مشابه
Quantitative Risk Analysis for Security Applications (QRASA)
A growing number of security applications, designed to reduce risk from adversaries’ actions, are being developed and deployed. However, there are many challenges when attempting to evaluate such systems, both in the lab and in the real world. Traditional evaluations used by computer scientists, such as runtime analysis and optimality proofs, may be largely irrelevant. The primary contribution ...
متن کاملChildren and geotagged images: quantitative analysis for security risk assessment
This paper investigates the levels of geocoding images with children pictures, and discusses privacy and safety issues that may affect children. This study analyzed the number of geocoded images of children’s pictures on Flickr, a popular image-sharing site. For 50 of the top most expensive residential zip codes in the U.S., the number of images that had gelocation tags was counted. Results sho...
متن کاملSystems Risk Analysis UsingHierarchical Modeling
A fresh look at the system analysis helped us in finding a new way of calculating the risks associated with the system. The author found that, due to the shortcomings of RPN, more researches needed to be done in this area to use RPNs as a new source of information for system risk analysis. It is the purpose of this article to investigate the fundamental concepts of failure modes and effects ana...
متن کاملQuantitative modeling and analysis with FMC-QE
The modeling and evaluation calculus FMC-QE, the Fundamental Modeling Concepts for Quantitative Evaluation [143], extends the Fundamental Modeling Concepts (FMC) for performance modeling and prediction. In this new methodology, the hierarchical service requests are in the main focus, because they are the origin of every service provisioning process. Similar to physics, these service requests ar...
متن کاملRisk-driven security testing using risk analysis with threat modeling approach
Security testing is a process of determining risks present in the system states and protects them from vulnerabilities. But security testing does not provide due importance to threat modeling and risk analysis simultaneously that affects confidentiality and integrity of the system. Risk analysis includes identification, evaluation and assessment of risks. Threat modeling approach is identifying...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Computers & Security
سال: 2021
ISSN: ['0167-4048', '1872-6208']
DOI: https://doi.org/10.1016/j.cose.2021.102381