Scholars@Duke

Model-based evaluation: From dependability to security

Publication ,  Journal Article
Nicol, DM; Sanders, WH; Trivedi, KS
Published in: IEEE Transactions on Dependable and Secure Computing
January 1, 2004
Published version (DOI)

The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques is now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.

Duke Scholars

Kishor S. Trivedi
Author Kishor S. Trivedi Electrical and Computer Engineering
Altmetric Attention Stats
Dimensions Citation Stats

Published In

IEEE Transactions on Dependable and Secure Computing

DOI

10.1109/TDSC.2004.11

ISSN

1545-5971

Publication Date

January 1, 2004

Volume

1

Issue

1

Start / End Page

48 / 64

Related Subject Headings

  • Strategic, Defence & Security Studies
  • 4606 Distributed computing and systems software
  • 4604 Cybersecurity and privacy
  • 0805 Distributed Computing
  • 0804 Data Format
  • 0803 Computer Software
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Nicol, D. M., Sanders, W. H., & Trivedi, K. S. (2004). Model-based evaluation: From dependability to security. IEEE Transactions on Dependable and Secure Computing, 1(1), 48–64. https://doi.org/10.1109/TDSC.2004.11
Nicol, D. M., W. H. Sanders, and K. S. Trivedi. “Model-based evaluation: From dependability to security.” IEEE Transactions on Dependable and Secure Computing 1, no. 1 (January 1, 2004): 48–64. https://doi.org/10.1109/TDSC.2004.11.
Nicol DM, Sanders WH, Trivedi KS. Model-based evaluation: From dependability to security. IEEE Transactions on Dependable and Secure Computing. 2004 Jan 1;1(1):48–64.
Nicol, D. M., et al. “Model-based evaluation: From dependability to security.” IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 1, Jan. 2004, pp. 48–64. Scopus, doi:10.1109/TDSC.2004.11.
Nicol DM, Sanders WH, Trivedi KS. Model-based evaluation: From dependability to security. IEEE Transactions on Dependable and Secure Computing. 2004 Jan 1;1(1):48–64.

Published In

IEEE Transactions on Dependable and Secure Computing

DOI

10.1109/TDSC.2004.11

ISSN

1545-5971

Publication Date

January 1, 2004

Volume

1

Issue

1

Start / End Page

48 / 64

Related Subject Headings

  • Strategic, Defence & Security Studies
  • 4606 Distributed computing and systems software
  • 4604 Cybersecurity and privacy
  • 0805 Distributed Computing
  • 0804 Data Format
  • 0803 Computer Software