Table 9 - uploaded by Barry Boehm
Content may be subject to copyright.
Source publication
This paper presents the Threat Modeling method based on Attacking Path Analysis (T-MAP) which quantifies security threats by calculating the total severity weights of relevant attacking paths for Commercial Off The Shelf (COTS) based systems. Compared to existing approaches, T-MAP is sensitive to an organization's business value priorities and IT e...
Contexts in source publication
Context 1
... software vulnerabilities is done to block those Attacking Paths that are caused by the vulnerabilities. A Suppressing Matrix as illustrated in Table 9 demonstrates how some of the popular security practices may affect the Structured Attack Graph. ...
Citations
... Chen et al. discussed using CVSS for COTS software systems to measure security investment benefits (Chen, 2007;Chen, Boehm, and Sheppard, 2007). They argue that the CVSS does not take the context of the values into account and is misleading. ...
... Chen et al. [76] present threats modeling method based on attacking path analysis (T-MAP) which quantifies security threats by calculating the total severity weights of relevant attacking paths for commercial off the shelf (COTS) based systems. First, key stakeholders and values propositions are identified. ...
Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to develop secure products, prove their security correctness, measure their resilience to attacks, and check if vulnerabilities exist. In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems.
... In addition, research that focuses on behavioral aspects of reducing information security breaches has also been rapidly developing. However, research focusing on the economics of information security investment, where the traditional decision analysis in determining the optimal level of investments based on risk and returns, is still rather sparse but attracting more and more research work (Bier and Abhichandani 2003;Chen et al. 2007;Gordon and Loeb 2002;Grossklags et al. 2008;Hoo 2000;Huang et al. 2006;Hulthen 2008;Kumar et al. 2007;Matsuura 2008;Tatsume and Goto 2009). Several economic models of information security investment have been proposed recently to aid decision making of resource allocation. ...
Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection device when a data center is under security breach. We present two algorithms that calculate the probability of threat and the optimal investment for data center security respectively. Based on the insecurity flow model (Moskowitz and Kang 1997) of analyzing security violations, we first model data center topology using two basic components, namely resources and filters, where resources represent the protected resources and filters represent the security protection devices. Four basic patterns are then identified as the building blocks for the first algorithm, called Accumulative Probability of Insecurity, to calculate the accumulative probability of realized threat (insecurity) on each resource. To calculate the optimal security investment, a risk-neutral based algorithm, called Optimal Security Investment, which maximizes the total expected net benefit is then proposed. Numerical simulations show that the proposed approach coincides with Gordon’s (Gordon and Loeb, ACM Transactions on Information and Systems Security 5(4):438–457, 2002) single-system analytical model. In addition, numerical results on two common data center topologies are analyzed and compared to demonstrate the effectiveness of the proposed approach. The technique proposed here can be used to facilitate the analysis and design of more secured data centers.
... There are few relevant works regarding the CVSS and its use. Chen et al. (2007) and Chen (2007) discuss an approach for measuring security investment benefits for Commercial-Off-The-Shelf (COTS) software systems using CVSS. The argument made by the authors is that the CVSS may be misleading as it does not take the context of the values into account. ...
Modern society relies on and profits from well-balanced computerized systems. Each of these systems has a core mission such as the correct and safe operation of safety critical systems or innovative and effective operation of e-commerce systems. It might be said that the success of these systems depends on their mission. Although the concept of “well-balanced” has a slightly different meaning for each of these two categories of systems, both have to meet customer needs, deliver capabilities and functions according to expectations and generate revenue to sustain today’s highly competitive market. Tighter financial constraints are forcing safety critical systems away from dedicated and expensive communication regimes, such as the ownership and operation of dedicated communication links, towards reliance on third parties and standardized means of communication. As a consequence, knowledge about their internal structures and operations is more widely and publicly available and this can make them more prone to security attacks. These systems are, therefore, moving towards a remotely exploitable environment and the risks associated with this must be controlled.
... Regarding the CVSS and its use there are few relevant works. Boehm, Chen and Sheppard (2007) [15] and Chen (2008) [16] discuss an approach to measuring security investment benefits for off the shelf software systems using CVSS. The argument made by the authors is that the CVSS may be misleading, as it does not incorporate the value context. ...
... Regarding the CVSS and its use there are few relevant works. Boehm, Chen and Sheppard (2007) [15] and Chen (2008) [16] discuss an approach to measuring security investment benefits for off the shelf software systems using CVSS. The argument made by the authors is that the CVSS may be misleading, as it does not incorporate the value context. ...
Security management is about calculated risk and requires continuous evaluation to ensure cost, time and resource effectiveness. Parts of which is to make future-oriented, cost- benefit investments in security. Security investments must adhere to healthy business principles where both security and financial aspects play an important role. Information on the current and potential risk level is essential to successfully trade-off security and financial aspects. Risk level is the combination of the frequency and impact of a potential unwanted event, often referred to as a security threat or misuse. The paper presents a risk level estimation model that derives risk level as a conditional probability over frequency and impact estimates. The frequency and impact estimates are derived from a set of attributes specified in the Common Vulnerability Scoring System (CVSS). The model works on the level of vulnerabilities (just as the CVSS) and is able to compose vulnerabilities into service levels. The service levels define the potential risk levels and are modelled as a Markov process, which are then used to predict the risk level at a particular time.
