Cloud Enterprise Dynamic Risk Assessment (CEDRA): a dynamic risk assessment using dynamic Bayesian networks for cloud environment

Behbehani, Dawood; Komninos, Nikos; Al-Begain, Khaled; Rajarajan, Muttukrishnan

doi:10.21203/rs.3.rs-1512376/v2

Cited by 1 publication

(3 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to NIST publication NISTIR 8286A [ 32 ], although using expert judgement to estimate risk parameters brings significant value in risk assessments, the results of a risk assessment may be more objective and accurate when they are based on information known from prior events. Towards this direction, the deployment of Bayesian networks has caught the attention of scholars [ 64 ] as Bayesian analysis includes methods for considering conditional probability, namely the application of a distribution model and a set of known prior data to help estimate the probability of a future outcome [ 32 ].…”

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

“…Risk assessments, performed based on dynamic attach graphs have caught the attention of scholarship as they account for evidence of compromise at run-time, compared to risk assessments based on static attach graphs that considered the security posture at rest. As such, risk assessments based on dynamic attach graphs have shown themselves to be more efficient in helping system administrators to dynamically react against potential threats [ 64 , 65 ]. In their paper, Luo et al [ 65 ] proposed a Bayesian attack graph model in order to estimate the probabilities of an attacker compromising several networks; resources.…”

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

“…The authors in [ 64 ] emphasized the superiority of Dynamic Bayesian Networks (DBNs) compared to basic Bayesian Networks (BNs) in the area of risk analysis due to DBNs’ ability to model probabilistic data with consideration of temporal dependencies over time. Unlike basic BNs, which can only show relationships between variables at a specific time or for a set period, DBNs are capable of handling time-dependent risk assessments.…”

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

See 2 more Smart Citations

A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones

Παπαϊωάννου

Pelekoudas-Oikonomou

Μαντάς

et al. 2023

Sensors

View full text Add to dashboard Cite

Mobile user authentication acts as the first line of defense, establishing confidence in the claimed identity of a mobile user, which it typically does as a precondition to allowing access to resources in a mobile device. NIST states that password schemes and/or biometrics comprise the most conventional user authentication mechanisms for mobile devices. Nevertheless, recent studies point out that nowadays password-based user authentication is imposing several limitations in terms of security and usability; thus, it is no longer considered secure and convenient for the mobile users. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Alternatively, biometric-based user authentication has gained attention as a promising solution for enhancing mobile security without sacrificing usability. This category encompasses methods that utilize human physical traits (physiological biometrics) or unconscious behaviors (behavioral biometrics). In particular, risk-based continuous user authentication, relying on behavioral biometrics, appears to have the potential to increase the reliability of authentication without sacrificing usability. In this context, we firstly present fundamentals on risk-based continuous user authentication, relying on behavioral biometrics on mobile devices. Additionally, we present an extensive overview of existing quantitative risk estimation approaches (QREA) found in the literature. We do so not only for risk-based user authentication on mobile devices, but also for other security applications such as user authentication in web/cloud services, intrusion detection systems, etc., that could be possibly adopted in risk-based continuous user authentication solutions for smartphones. The target of this study is to provide a foundation for organizing research efforts toward the design and development of proper quantitative risk estimation approaches for the development of risk-based continuous user authentication solutions for smartphones. The reviewed quantitative risk estimation approaches have been divided into the following five main categories: (i) probabilistic approaches, (ii) machine learning-based approaches, (iii) fuzzy logic models, (iv) non-graph-based models, and (v) Monte Carlo simulation models. Our main findings are summarized in the table in the end of the manuscript.

show abstract

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

Section: Quantitative Risk Estimation Approaches (Qreas)mentioning

confidence: 99%

See 1 more Smart Citation