Security Stress: Evaluating ICT Robustness Through a Monte Carlo Method

نویسندگان

  • Fabrizio Baiardi
  • Fabio Corò
  • Federico Tonelli
  • Alessandro Bertolini
  • Roberto Bertolotti
  • Luca Guidi
چکیده

Haruspex is a suite of tools that apply a Monte Carlo method to the risk assessment of an ICT infrastructure. These tools support a scenario-based assessment where in each scenario some intelligent agents compose elementary attacks against the infrastructure to reach some prede ned goals. To support through this suite, the comparison of alternative designs of an infrastructure, we introduce the security stress, a synthetic evaluation of how an ICT infrastructure resists to attacks. After de ning the security stress, we show how it can be approximated through the suite and apply it to compare three versions of a critical infrastructure that supervises a power generation plan.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Harùspex: a Suite to Assess and Manage ICT Risk by Simulating Threat Agents

Haruspex is a suite that supports a scenario-based assessment. In each scenario, intelligent agents compose elementary attacks against an ICT system to reach some predefined goals. Some Haruspex tools build the models of the target system and of the agents of interest. Using these model, further tools apply a Monte Carlo method with multiple, independent simulations of the agent attacks and ret...

متن کامل

Sequential Pattern Mining for ICT Risk Assessment and Prevention

Security risk assessment and prevention in ICT systems rely on the analysis of data on the joint behavior of the system and its (malicious) users. The Haruspex tool models intelligent, goal-oriented agents that reach their goals through attack sequences. Data is synthetically generated through a Monte Carlo method that runs multiple simulations of the attacks against the system. In this paper, ...

متن کامل

Establishing Control Limits on Time Performance Indicators of Projects through Monte Carlo Simulation and Earned Duration Management

Earned Duration Management (EDM) method has been developed to enhance Earned Value Management and to solve some of its problems, such as separation of measuring time and cost dimensions. By providing performance indicators, this method makes it possible for managers to accurately measure the progress of a project and to calculate the time and cost required to complete it. Nevertheless, the acce...

متن کامل

Simulating Attack Plans Against ICT Infrastructures

Goal-oriented, rational threat agents attack a complex ICT infrastructure by composing elementary attacks against distinct components into an attack chain or attack plan. To compute statistics on the success probabilities of these plans, we have designed and implemented Haruspex, a tool that implements a Monte Carlo method by simulating the agent plans. A proper set of Haruspex experiments retu...

متن کامل

Con ict Probability Estimation For Free Flight

The safety and e ciency of free ight will bene t from automated con ict prediction and resolution advisories. Con ict prediction is based on trajectory prediction and is less certain the farther in advance the prediction, however. An estimate is therefore needed of the probability that a con ict will occur, given a pair of predicted trajectories and their levels of uncertainty. This paper prese...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2014