Towards Operational Measures of Computer Security: Experimentation and Modelling

Olovsson, Tomas; Jonsson, Erland; Brocklehurst, Sarah; Littlewood, Bev

doi:10.1007/978-3-642-79789-7_31

Cited by 13 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, mature effort-based models that have been proposed are still rare. Using effort as a factor was first discussed by Brocklehurst and Littlewood [19], [20], but they have not suggested a unit or a way to measure effort. Alhazmi et al [21] present a reference formula for testing effort.…”

Section: B Effort-based Modelsmentioning

confidence: 99%

E-WBM: An Effort-Based Vulnerability Discovery Model

Wang

Tian

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Vulnerability discovery models (VDMs) have recently been proposed to estimate the cumulative number of vulnerabilities that will be disclosed after software is released. A precise VDM would offer an available quantitative insight to assess software security. Even though VDM has demonstrated its effectiveness in multiple software, it remains limited in accuracy, especially with weak versatility. We propose a novel effort-based VDMs, named E-WBM, to improve critical vulnerability discovery rate algorithm using Weibull probability distribution function towards efficient vulnerability discovery models. E-WBM accurately portrays the trend of software security vulnerabilities disclosure. We evaluate E-WBM on eight popular real-world operating systems and show the feasibility of the proposed model. We further compare E-WBM with a state-of-the-art effort-based model AME and time-based model JW on the above eight operating systems. Our comparison also demonstrates that E-WBM consistently outperforms AME and JW both at reducing the deviations and fitting curve trends. In addition to the model fitting, predictive capabilities of two effort-based models E-WBM and AME are also examined. The results show that the E-WBM model yields a more stable prediction with a significantly less error than AME.

show abstract

Section: B Effort-based Modelsmentioning

confidence: 99%

E-WBM: An Effort-Based Vulnerability Discovery Model

Wang

Tian

et al. 2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…A possible way to achieve this is to perform attacking campaigns, during which intruders are encouraged to attack a system, while as much relevant data as possible on the intrusion process are collected [5], [18], [27], [41].…”

Section: Measures Of Behavioural and Preventive Securitymentioning

confidence: 99%

An integrated framework for security and dependability

Jonsson

1998

Proceedings of the 1998 Workshop on New Security Paradigms

Self Cite

View full text Add to dashboard Cite

This paper deals with the problem of interpreting security and dependability in such a way that they can be incorporated into the same framework. This calls for a modified understanding of some of the traditional concepts. Thus, a system-related conceptual model is suggested in which the various aspects of security and dependability are analyzed and regrouped into a new "input-output"-related system model. The input characteristics of this new model are interpreted in preventive terms, whereas the output characteristics are interpreted in behavioural terms with respect to the user of the system. One of the benefits of the model is that it can form a basis for composite measures of security and dependability. Thus, it is possible to define preventive measures and behavioural measures. The behavioural measures are measures that relate to the behaviour of the system, or, put informally, relate to the "output" of the system. Behavioural measures deal with system failures, e.g., the probability for and magnitude of such failures. Well-known reliability methods, such as Markov modelling, can be used for deriving behavioural measures of security. A preventive measure, on the other hand, would describe the system's ability to avoid detrimental influence from the environment, in particular influence originating from security breaches into the system.

show abstract

“…For example, if the attackers gain root access on the file-server, they can do virtually anything to the system and the final consequences are impossible to assess completely. In our intrusion experiment, the attackers were told to stop when they had obtained the desired higher privileges, as we did not want them to disturb the work of ordinary system users [20]. In terms of real-time intrusion detection, another reason for concentrating on the immediate result is that it is desirable to detect the intrusion and take preemptive action as early as possible, preferably before any damage is done [10].…”

Section: Intrusion Resultsmentioning

confidence: 99%

“…This section briefly outlines the arrangement of the experiment; for details see Olovsson et al [20]. The target system consisted of a set of 24 SUN ELC diskless workstations connected to one file-server, all running SunOS 4.1.2.…”

Section: The Intrusion Experimentsmentioning

confidence: 99%

How to systematically classify computer security intrusions

Lindqvist

Jonsson

Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)

149

View full text Add to dashboard Cite

This paper presents a classification of intrusions with respect to technique as well as to result. The taxonomy is intended to be a step on the road to an established taxonomy of intrusions for use in incident reporting, statistics, warning bulletins, intrusion detection systems etc. Unlike previous schemes, it takes the viewpoint of the system owner and should therefore be suitable to a wider community than that of system developers and vendors only. It is based on data from a realistic intrusion experiment, a fact that supports the practical applicability of the scheme. The paper also discusses general aspects of classification, and introduces a concept called dimension. After having made a broad survey of previous work in the field, we decided to base our classification of intrusion techniques on a scheme proposed by Neumann and Parker in 1989 and to further refine relevant parts of their scheme. Our classification of intrusion results is derived from the traditional three aspects of computer security: confidentiality, availability and integrity.

show abstract

Towards Operational Measures of Computer Security: Experimentation and Modelling

Cited by 13 publications

References 10 publications

E-WBM: An Effort-Based Vulnerability Discovery Model

E-WBM: An Effort-Based Vulnerability Discovery Model

An integrated framework for security and dependability

How to systematically classify computer security intrusions

Contact Info

Product

Resources

About