Qualitative and quantitative analytical techniques for network security assessment

“…While these are interesting and offer different views to study the system of evaluation, they often rely on a fixed formula to determine the system-wide values (multiplication of probabilities to find the total probability of attackers achieving their goals [4], access path vulnerabilities are the sum of the vulnerabilities of the included edges [11]). Thus, they are not applicable to the non-linear world.…”

“…The existing work in the last category, focusing only on the security, decomposes the real system into entities of concern and models the interactions between these entities in different ways such as system devices and access paths [11], network components with physical and logical connections [4], security contributing factors and functional relationships [20]. While these are interesting and offer different views to study the system of evaluation, they often rely on a fixed formula to determine the system-wide values (multiplication of probabilities to find the total probability of attackers achieving their goals [4], access path vulnerabilities are the sum of the vulnerabilities of the included edges [11]).…”

Security Assurance Aggregation for IT Infrastructures

“…While these are interesting and offer different views to study the system of evaluation, they often rely on a fixed formula to determine the system-wide values (multiplication of probabilities to find the total probability of attackers achieving their goals [4], access path vulnerabilities are the sum of the vulnerabilities of the included edges [11]). Thus, they are not applicable to the non-linear world.…”

“…The existing work in the last category, focusing only on the security, decomposes the real system into entities of concern and models the interactions between these entities in different ways such as system devices and access paths [11], network components with physical and logical connections [4], security contributing factors and functional relationships [20]. While these are interesting and offer different views to study the system of evaluation, they often rely on a fixed formula to determine the system-wide values (multiplication of probabilities to find the total probability of attackers achieving their goals [4], access path vulnerabilities are the sum of the vulnerabilities of the included edges [11]).…”

Security Assurance Aggregation for IT Infrastructures

“…Dawkins et al define an attack plan and classify attack levels in the network. Clark et al [2] present multi-step attack modeling in attack trees and analyze cut sets of the attack tree. Ray and Poolsapassit [9] present an attack tree expansion structure and a minimal attack tree to reduce the deficiencies in traditional attack trees.…”

Vulnerability-based information security risk assessment using attack tree

“…The existing work in the last category decomposes the real system into entities of concern and models the interactions between these entities in different ways such as system devices and access path [15], network components with physical and logical connections [5], security contributing factors and functional relationships [28]. While this is interesting and offers different views to study the system of evaluation, these approaches often rely on a fixed formula to determine the system-wide values.…”

A Near Real-Time System for Security Assurance Assessment