Information System Modeling for Analysis of Propagation Effects and Levels of Damage

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3982)

Abstract

The number of newly developed information systems has grown considerably across their areas of application, and the concomitant threat of intrusions into these systems over the Internet has increased as well. To reduce the possibility of such threats, studies on security risk analysis in the field of information security technology have been actively conducted. However, it is very difficult to analyze the actual causes of damage or to establish safeguards when intrusions take place within a structure of different assets and complicated networks. Therefore, it is essential that comprehensive preventive measures against intrusions are established in advance through security risk analysis. Vulnerabilities and threats are increasing continuously, while safeguards against these risks are generally only realized some time after damage through an intrusion has occurred. Therefore, it is vital that the propagation effects and levels of damage are analyzed using real-time comprehensive methods in order to predict damage in advance and minimize its extent. For this reason we propose a modeling technique for information systems that makes use of SPICE and Petri-Net, and methods for analyzing the propagation effects and levels of damage based on the epidemic model.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, I., Chung, Y., Lee, Y., Im, E.G., Won, D. (2006). Information System Modeling for Analysis of Propagation Effects and Levels of Damage. In: Gavrilova, M., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3982. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751595_7


  • DOI: https://doi.org/10.1007/11751595_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34075-1

  • Online ISBN: 978-3-540-34076-8

  • eBook Packages: Computer Science (R0)
