Compositional Security Modelling

Structure, Economics, and Behaviour
  • Tristan Caulfield
  • David Pym
  • Julian Williams
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)

Abstract

Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures the managers’ policies and the behavioural choices of agents operating within the system. Models are executable, so allowing systematic experimental exploration of the system-policy co-design space, and compositional, so managing the complexity of large-scale systems.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Beautement, A., et al.: Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security. In: Eric Johnson, M. (ed.) Managing Information Risk and the Economics of Security, pp. 141–163. Springer (2008)Google Scholar
  2. 2.
    Beres, Y., Pym, D., Shiu, S.: Decision Support for Systems Security Investment. In: Proc. Business-driven IT Management (BDIM). IEEE Xplore (2010)Google Scholar
  3. 3.
    Bezanson, J., Karpinski, S., Shah, V.B., Edelman, A.: Julia: A fast dynamic language for technical computing. arXiv:1209.5145 (2012)Google Scholar
  4. 4.
    Bloom, N.: The impact of uncertainty shocks. Econometrica 77(3), 623–685 (2009)CrossRefMATHMathSciNetGoogle Scholar
  5. 5.
    Collinson, M., Monahan, B., Pym, D.: A Discipline of Mathematical Systems Modelling. College Publications (2012)Google Scholar
  6. 6.
  7. 7.
    Coulouris, G., Dollimore, J., Kindberg, T.: Distributed Systems: Concepts and Design, 3rd edn. Addison Wesley (2000)Google Scholar
  8. 8.
    de Simone, R.: Higher-level synchronising devices in Meije-SCCS. Theoretical Computer Science 37, 245–267 (1985)CrossRefMATHMathSciNetGoogle Scholar
  9. 9.
    Gordon, L.A., Loeb, M.P.: The Economics of Information Security Investment. ACM Transactions on Information and Systems Security 5(4), 438–457 (2002)CrossRefGoogle Scholar
  10. 10.
    Heathfield, D.F.: Production Functions. Macmillan Press (1971)Google Scholar
  11. 11.
    Hennessy, M., Plotkin, G.: On observing nondeterminism and concurrency. In: de Bakker, J.W., van Leeuwen, J. (eds.) ICALP 1980. LNCS, vol. 85, pp. 299–309. Springer, Heidelberg (1980)CrossRefGoogle Scholar
  12. 12.
    Ioannidis, C., Pym, D., Williams, J.: Investments and trade-offs in the economics of information security. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 148–166. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Ioannidis, C., Pym, D., Williams, J.: Information security trade-offs and optimal patching policies. European Journal of Operational Research 216(2), 434–444 (2011)CrossRefGoogle Scholar
  14. 14.
    Ioannidis, C., Pym, D., Williams, J.: Fixed costs, investment rigidities, and risk aversion in information security: A utility-theoretic approach. In: Schneier, B. (ed.) Economics of Security and Privacy III, pp. 171–192. Springer (2012)Google Scholar
  15. 15.
  16. 16.
    Keeney, R.L., Raiffa, H.: Decisions with multiple objectives. Wiley (1976)Google Scholar
  17. 17.
    Milner, R.: Calculi for synchrony and asynchrony. Theoret. Comp. Sci. 25(3), 267–310 (1983)CrossRefMATHMathSciNetGoogle Scholar
  18. 18.
    Milner, R.: The Space and Motion of Communicating Agents. CUP (2009)Google Scholar
  19. 19.
    O’Hearn, P.W., Pym, D.J.: The logic of bunched implications. Bulletin of Symbolic Logic 5(2), 215–244 (1999)CrossRefMATHMathSciNetGoogle Scholar
  20. 20.
    Zellner, A.: Bayesian prediction and estimation using asymmetric loss functions. Journal of the American Statistical Association 81, 446–451 (1986)CrossRefMATHMathSciNetGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Tristan Caulfield
    • 1
  • David Pym
    • 1
  • Julian Williams
    • 2
  1. 1.Department of Computer ScienceUniversity College LondonUK
  2. 2.Business SchoolUniversity of DurhamUK

Personalised recommendations