Chapter

Human Aspects of Information Security, Privacy, and Trust

Volume 8533 of the series Lecture Notes in Computer Science pp 233-245

Compositional Security Modelling

Structure, Economics, and Behaviour
  • Tristan Caulfield, Department of Computer Science, University College London
  • David Pym, Department of Computer Science, University College London
  • Julian Williams, Business School, University of Durham

Abstract

Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures the managers’ policies and the behavioural choices of agents operating within the system. Models are executable, so allowing systematic experimental exploration of the system-policy co-design space, and compositional, so managing the complexity of large-scale systems.