Experimenting with quantitative evaluation tools for monitoring operational security

Cited by: 222
Authors
Ortalo, R [1]
Deswarte, Y [1]
Kaâniche, M [1]
Affiliation
[1] CNRS, LAAS, F-31077 Toulouse 4, France
Keywords
security assessment; operational vulnerabilities; privilege graph; quantitative evaluation
DOI
10.1109/32.815323
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
This paper presents the results of an experiment in security evaluation. The system is modeled as a privilege graph that exhibits its security vulnerabilities. Quantitative measures that estimate the effort an attacker might expend to exploit these vulnerabilities to defeat the system security objectives are proposed. A set of tools has been developed to compute such measures and has been used in an experiment to monitor a large real system for nearly two years. The experimental results are presented and the validity of the measures is discussed. Finally, the practical usefulness of such tools for operational security monitoring is shown and a comparison with other existing approaches is given.
Pages: 633-650
Number of pages: 18