Security Risk Analysis Based on the Policy Formalization and the Modeling of Big Systems
Authors: Luc Cessieux, French Navy, Adrien Derock, DCNS/IMATH
Abstract:
Security risk models have been successful in estimating the likelihood of attack for simple security threats. However, modeling complex system and their security risk is even a challenge. Many methods have been proposed to face this problem. Often difficult to manipulate, and not enough all-embracing they are not as famous as they should with administrators and deciders. We propose in this paper a new tool to model big systems on purpose. The software, takes into account attack threats and security strength.
Keywords: Security, risk management, threat, modelization.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1081349
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1276References:
[1] David Elliott Bell. Looking back at the bell-la padula model. Computer Security Applications Conference, Annual, 0:337-351, 2005.
[2] K. J. Biba. Integrity considerations for secure computer systems. Technical report, MITRE Corp., 04 1977.
[3] Fred'eric Cuppens and Nora Cuppens-Boulahia. Les mod'eles de s'ecurit'e. Trait'e IC2, s'erie r'eseaux et t'el'ecoms, Jun 2006.
[4] DCSSI. La m'ethode ebios,www.ssi.gouv.fr/fr/confiance/methodes.html.
[5] Len Lapadula, The Original, D. Elliott Bell, and Leonard J. Lapadula. titled secure computer systems: Mathematical foundations.
[6] Nicolas Stouls and Vianney Darmaillacq. D'eveloppement formel d-un moniteur d'etectant les violations de politiques de s'ecurit'e de r'eseaux. In S. Vignes and V. Vigui'e Donzeau-Gouge, editors, Approches Formelles dans l-Assistance au D'eveloppement de Logiciels (AFADL-06), pages 179-193, March 2006.
[7] Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce. Safety analysis of usage control authorization models. In ASIACCS -06: Proceedings of the 2006 ACM Symposium on Information, computer and communications security, pages 243-254, New York, NY, USA, 2006. ACM.
[8] Gansen Zhao and David W Chadwick. On the Modeling of Bell-LaPadula Security Policies using RBAC. In Proceedings of 17th IEEE International workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE 2005), Rome, June 2008.