Skip to main content

Modeling and quantification of security attributes of software systems

Publication ,  Journal Article
Madan, BB; Goševa-Popstojanova, K; Vaidyanathan, K; Trivedi, KS
Published in: Proceedings of the 2002 International Conference on Dependable Systems and Networks
December 1, 2002

Quite often failures in network based services and server systems may not be accidental, but rather caused by deliberate security intrusions. We would like such systems to either completely preclude the possibility of a security intrusion or design them to be robust enough to continue functioning despite security attacks. Not only is it important to prevent or tolerate security intrusions, it is equally important to treat security as a QoS attribute at par with, if not more important than other QoS attributes such as availability and performability. This paper deals with various issues related to quantifying the security attribute of an intrusion tolerant system, such as the SITAR system. A security intrusion and the response of an intrusion tolerant system to the attack is modeled as a random process. This facilitates the use of stochastic modeling techniques to capture the attacker behavior as well as the system's response to a security intrusion. This model is used to analyze and quantify the security attributes of the system. The security quantification analysis is first carried out for steady-state behavior leading to measures like steady-state availability. By transforming this model to a model with absorbing states, we compute a security measure called the "mean time (or effort) to security failure" and also compute probabilities of security failure due to violations of different security attributes.

Duke Scholars

Altmetric Attention Stats
Dimensions Citation Stats

Published In

Proceedings of the 2002 International Conference on Dependable Systems and Networks

DOI

Publication Date

December 1, 2002

Start / End Page

505 / 514
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Madan, B. B., Goševa-Popstojanova, K., Vaidyanathan, K., & Trivedi, K. S. (2002). Modeling and quantification of security attributes of software systems. Proceedings of the 2002 International Conference on Dependable Systems and Networks, 505–514. https://doi.org/10.1109/DSN.2002.1028941
Madan, B. B., K. Goševa-Popstojanova, K. Vaidyanathan, and K. S. Trivedi. “Modeling and quantification of security attributes of software systems.” Proceedings of the 2002 International Conference on Dependable Systems and Networks, December 1, 2002, 505–14. https://doi.org/10.1109/DSN.2002.1028941.
Madan BB, Goševa-Popstojanova K, Vaidyanathan K, Trivedi KS. Modeling and quantification of security attributes of software systems. Proceedings of the 2002 International Conference on Dependable Systems and Networks. 2002 Dec 1;505–14.
Madan, B. B., et al. “Modeling and quantification of security attributes of software systems.” Proceedings of the 2002 International Conference on Dependable Systems and Networks, Dec. 2002, pp. 505–14. Scopus, doi:10.1109/DSN.2002.1028941.
Madan BB, Goševa-Popstojanova K, Vaidyanathan K, Trivedi KS. Modeling and quantification of security attributes of software systems. Proceedings of the 2002 International Conference on Dependable Systems and Networks. 2002 Dec 1;505–514.

Published In

Proceedings of the 2002 International Conference on Dependable Systems and Networks

DOI

Publication Date

December 1, 2002

Start / End Page

505 / 514