Information modeling for automated risk analysis

被引:0
作者
Chivers, Howard [1 ]
机构
[1] Cranfield Univ, Dept Informat Syst, Def Acad United Kingdom, Swindon SN6 8LA, Wilts, England
来源
COMMUNICATIONS AND MULTIMEDIA SECURITY, PROCEEDINGS | 2006年 / 4237卷
关键词
security; risk; model; information; threat; service-oriented; communication;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Systematic security risk analysis requires an information model which integrates the system design, the security environment (the attackers, security goals etc) and proposed security requirements. Such a model must be scalable to accommodate large systems, and support the efficient discovery of threat paths and the production of risk-based metrics; the modeling approach must balance complexity, scalability and expressiveness. This paper describes such a model; novel features include combining formal information modeling with informal requirements traceability to support the specification of security requirements on incompletely specified services, and the typing of information flow to quantify path exploitability and model communications security.
引用
收藏
页码:228 / 239
页数:12
相关论文
共 50 条
  • [21] Building information modeling as a risk transformer: An evolutionary insight into the project uncertainty
    Ahmad, Zubair
    Thaheem, Muhammad Jamaluddin
    Maqsoom, Ahsen
    AUTOMATION IN CONSTRUCTION, 2018, 92 : 103 - 119
  • [22] Determinants of Seeking and Avoiding Risk-Related Information in Times of Crisis
    Gutteling, Jan M.
    de Vries, Peter W.
    RISK ANALYSIS, 2017, 37 (01) : 27 - 39
  • [23] The Information Security Risk Management
    Semin, Valeriy G.
    Shmakova, Elena G.
    Los, Lexei B.
    PROCEEDINGS OF THE 2017 INTERNATIONAL CONFERENCE QUALITY MANAGEMENT,TRANSPORT AND INFORMATION SECURITY, INFORMATION TECHNOLOGIES (IT&QM&IS), 2017, : 106 - 109
  • [24] Does information form matter when giving tailored risk information to patients in clinical settings? A review of patients' preferences and responses
    Harris, Rebecca
    Noble, Claire
    Lowers, Victoria
    PATIENT PREFERENCE AND ADHERENCE, 2017, 11 : 389 - 399
  • [25] Risk Modeling in the Insurance Industry
    Njegomir, Vladimir
    Ciric, Jelena
    STRATEGIC MANAGEMENT, 2012, 17 (01): : 53 - 60
  • [26] A United States-China Comparison of Risk Information-Seeking Intentions
    Yang, Z. Janet
    Kahlor, LeeAnn
    Li, Haichun
    COMMUNICATION RESEARCH, 2014, 41 (07) : 935 - 960
  • [27] Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding
    Henzl, Martin
    Hanacek, Petr
    2013 INTERNATIONAL SYMPOSIUM ON BIOMETRICS AND SECURITY TECHNOLOGIES (ISBAST), 2013, : 141 - 148
  • [28] The development of risk analysis methodology for information asset on network
    Jung, Y
    Kim, I
    Lee, N
    Park, J
    SAM '04: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT, 2004, : 258 - 261
  • [29] Analysis of Risk in Supply Chain Information Sharing and the Countermeasures
    Wang, Feng
    PROCEEDINGS OF THE 2016 INTERNATIONAL CONFERENCE ON MANAGEMENT SCIENCE AND MANAGEMENT INNOVATION, 2016, 10 : 109 - 111
  • [30] Preemptive Prediction-Based Automated Cyberattack Framework Modeling
    Ryu, Sungwook
    Kim, Jinsu
    Park, Namje
    Seo, Yongseok
    SYMMETRY-BASEL, 2021, 13 (05):
12345