A stochastic model for quantitative security analyses of networked systems

Xiaohu Li, Paul Parker, Shouhuai Xu

Research output: Contribution to journalArticlepeer-review

42 Scopus citations

Abstract

Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system: 1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender tune system configurations (e.g., network topology) so as to improve security? 2) How should a defender tune system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

Original languageEnglish
Article number4695835
Pages (from-to)28-43
Number of pages16
JournalIEEE Transactions on Dependable and Secure Computing
Volume8
Issue number1
DOIs
StatePublished - 2011

Keywords

  • Security modeling
  • networked systems
  • quantitative security analysis
  • security metric.
  • vulnerability graph

Fingerprint

Dive into the research topics of 'A stochastic model for quantitative security analyses of networked systems'. Together they form a unique fingerprint.

Cite this