Quantitative risk analysis of computer networks.

Bilar, Daniel; Cybenko, George

doi:10.1349/ddlp.3

Cited by 13 publications

(11 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Vulnerability databases such as NVD [20] and Bugtraq [1] describe vulnerabilities' impacts in detail. Unfortunately, much of the available data is intended for human consumption and is sometimes incorrect or out of date [9]. NetSPA uses a simple logistic regression classifier, trained on a hand-evaluated sample set, to automatically classify vulnerabilities.…”

Section: Vulnerability Evaluationmentioning

confidence: 99%

Practical Attack Graph Generation for Network Defense

Ingols

Lippmann

Piwowarski

2006

2006 22nd Annual Computer Security Applications Conference (ACSAC'06)

282

217

View full text Add to dashboard Cite

show abstract

Section: Vulnerability Evaluationmentioning

confidence: 99%

Practical Attack Graph Generation for Network Defense

Ingols

Lippmann

Piwowarski

2006

2006 22nd Annual Computer Security Applications Conference (ACSAC'06)

282

217

View full text Add to dashboard Cite

show abstract

“…An early work in risk assessment of computer systems is proposed by [7]. and presents a model to measure risks in networked systems.…”

Section: Related Workmentioning

confidence: 99%

Attack Graph-Based Risk Assessment and Optimisation Approach

Alhomidi¹,

Reed²

2014

IJNSA

View full text Add to dashboard Cite

show abstract

“…SooHoo [20] proposed a general model using decision analysis to estimate computer security risk and automatically update input estimates. Bilar [1] used reliability modeling to analyze the risk of a distributed system. Risk is calculated as a function of the probability of faults being present in the system's constituent components.…”

Section: Related Workmentioning

confidence: 99%

Algorithmic Aspects of Risk Management

Gehani

Zaniewski

Subramani

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Risk analysis has been used to manage the security of systems for several decades. However, its use has been limited to offline risk computation and manual response. In contrast, we use risk computation to drive changes in an operating system's security configuration. This allows risk management to occur in real time and reduces the window of exposure to attack. We posit that it is possible to protect a system by reducing its functionality temporarily when it is under siege. Our goal is to minimize the tension between security and usability by trading them dynamically. Instead of statically configuring a system, we aim to monitor the risk level, using it to drive the tradeoff between security and utility. The advantage of this approach is that it provides users with the maximum possible functionality for any predefined level of risk tolerance.Risk management can be framed as an exercise in managing the constraints on edge and vertex weights of a tripartite graph, with the partitions corresponding to the threats, vulnerabilities, and assets in the system. If a threat requires a specific permission and affects a particular asset, an edge is added between the threat and the permission that mediates access to the vulnerable resource. Another edge is added between the permission and the asset. The presence of a path from a threat, through a permission check, to an asset contributes an element of risk. Risk can be reduced by denying access to a resource that contains a vulnerability or activating data protection measures. We analyze some of the problems that form the algorithmic underpinnings of optimal risk management.

show abstract

Quantitative risk analysis of computer networks.

Cited by 13 publications

References 13 publications

Practical Attack Graph Generation for Network Defense

Practical Attack Graph Generation for Network Defense

Attack Graph-Based Risk Assessment and Optimisation Approach

Algorithmic Aspects of Risk Management

Contact Info

Product

Resources

About