Evaluation of complex security scenarios using defense trees and economic indexes
نویسندگان
چکیده
In this article, we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures and we use economic quantitative indexes for computing the defender’s return on security investment and the attacker’s return on attack. We show how our approach can be used to evaluate economic profitability of countermeasures and their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.
منابع مشابه
Strategic Games on Defense Trees
In this paper we use defense trees, an extension of attack trees with countermeasures, to represent attack scenarios and game theory to detect the most promising actions attacker and defender. On one side the attacker wants to break the system (with as little efforts as possible), on the opposite side the defender want to protect it (sustaining the minimum cost). As utility function for the att...
متن کاملFoundations of Attack-Defense Trees
We introduce and give formal definitions of attack–defense trees. We argue that these trees are a simple, yet powerful tool to analyze complex security and privacy problems. Our formalization is generic in the sense that it supports different semantical approaches. We present several semantics for attack–defense trees along with usage scenarios, and we show how to evaluate attributes.
متن کاملTrade and National Security: A Test for Best-Known Hypothesis
National security depends on soft power, the ability of a country to generate and use its economic power and to project its national values. It also depends on long-term factors that contribute to economic growth and increase the total resources base available not only for defense but to provide economic security in the form of income and business opportunities for individuals. The economic iss...
متن کاملUsing Attack-Defense Trees to Analyze Threats and Countermeasures in an ATM: A Case Study
Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs. We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we reflec...
متن کاملThe Forecast of Economic Welfare and Food Security of Iran under Climate Changes*
Food security and economic welfare strongly depend on agricultural production, the loss of this production can be a serious challenge for food security and economic welfare. Agricultural production is also influenced by environmental and climatic factors so that the variations of climatic parameters can trigger extensive fluctuations in agricultural production. This study classifies climate cha...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Exp. Theor. Artif. Intell.
دوره 24 شماره
صفحات -
تاریخ انتشار 2012