Security Risk Analysis Based on the Policy Formalization and the Modeling of Big Systems
Security risk models have been successful in estimating the likelihood of attack for simple security threats. However, modeling complex system and their security risk is even a challenge. Many methods have been proposed to face this problem. Often difficult to manipulate, and not enough all-embracing they are not as famous as they should with administrators and deciders. We propose in this paper a new tool to model big systems on purpose. The software, takes into account attack threats and security strength.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1081349Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 975
 David Elliott Bell. Looking back at the bell-la padula model. Computer Security Applications Conference, Annual, 0:337-351, 2005.
 K. J. Biba. Integrity considerations for secure computer systems. Technical report, MITRE Corp., 04 1977.
 Fred'eric Cuppens and Nora Cuppens-Boulahia. Les mod'eles de s'ecurit'e. Trait'e IC2, s'erie r'eseaux et t'el'ecoms, Jun 2006.
 DCSSI. La m'ethode ebios,www.ssi.gouv.fr/fr/confiance/methodes.html.
 Len Lapadula, The Original, D. Elliott Bell, and Leonard J. Lapadula. titled secure computer systems: Mathematical foundations.
 Nicolas Stouls and Vianney Darmaillacq. D'eveloppement formel d-un moniteur d'etectant les violations de politiques de s'ecurit'e de r'eseaux. In S. Vignes and V. Vigui'e Donzeau-Gouge, editors, Approches Formelles dans l-Assistance au D'eveloppement de Logiciels (AFADL-06), pages 179-193, March 2006.
 Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce. Safety analysis of usage control authorization models. In ASIACCS -06: Proceedings of the 2006 ACM Symposium on Information, computer and communications security, pages 243-254, New York, NY, USA, 2006. ACM.
 Gansen Zhao and David W Chadwick. On the Modeling of Bell-LaPadula Security Policies using RBAC. In Proceedings of 17th IEEE International workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE 2005), Rome, June 2008.