Computer System Survivability Modelling by Using Stochastic Activity Network

  • Eimantas Garsva
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4166)


This article presents the effort to model the computer system security using Stochastic Activity Network (SAN). SAN is a flexible and highly adaptable branch of Stochastic Petri Nets and has a well-developed software tool, Möbius. A known model of incident process and the computer system is adapted and extended. The computer system characterised by the working state and defence mechanism strength is affected by an attack described by using stochastically distributed severity levels. The attempt to bind a stochastic attack severity level to intrusion data parameters collected by Intrusion Detection Systems is presented. The model-based computer system quantitative characteristics are analysed and survivability is chosen to evaluate the modelled computer system security. The article concludes with simulation results and future work guidelines.


Computer System Security Mechanism Input Gate Output Gate Performance Evaluation Process Algebra 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cohen, F.: Simulating Cyber Attacks, Defenses, and Consequences. IFIP TC-11. Computers and Security (1999),
  2. 2.
    Moitra, S.D., Konda, S.L.: A Simulation Model for Managing Survivability of Networked Information Systems. Networked survivable systems. CMU/SEI-2000-TR-020, p. 47 (2000)Google Scholar
  3. 3.
    Moitra, S.D., Konda, S.L.: The Survivability of Network Systems: An Empirical Analysis. CMU/SEI-2000-TR-021, p. 41 (2000)Google Scholar
  4. 4.
    Gupta, V., Lam, V., Ramasamy, H.V., Sanders, W.H., Singh, S.: Stochastic Modeling of Intrusion-Tolerant Server Architectures for Dependability and Performance Evaluation, p. 86 (2003)Google Scholar
  5. 5.
    Formal methods Europe:
  6. 6.
    Virtual library: formal methods:
  7. 7.
  8. 8.
  9. 9.
    Sanders, W.H.: Möbius: Model-Based Environment for Validation of System Reliability, Availability, Security, and Performance. User Manual. Version 1.8.0, p. 212 (2005)Google Scholar
  10. 10.
    Sanders, W.H.: Construction and Solution of Performability models based on Stochastic Activity Networks. Ph.D thesis, University of Michigan, p. 223 (1988)Google Scholar
  11. 11.
    Sanders, W.H., Meyer, J.F.: Stochastic Activity Networks: Formal Definitions and Concepts. In: Brinksma, E., Hermanns, H., Katoen, J.-P. (eds.) EEF School 2000 and FMPA 2000. LNCS, vol. 2090, pp. 315–343. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Williamson, L.: Discrete Event Simulation in the Möbius Modeling Framework. Master’s Thesis. University of Illinois, p. 63 (1998)Google Scholar
  13. 13.
    Avizienis, A., Laprie, J.C., Randell, B.: Basic concepts and taxonomy of dependable and secure computing. Dependable and Secure Computing 1, 11–33 (2004)CrossRefGoogle Scholar
  14. 14.
    Stevens, F., Courtney, T., Singh, S., Agbaria, A., Meyer, J.F., Sanders, W.H., Pal, P.: Model-Based Validation of an Intrusion-Tolerant Information System. In: Proc. 23rd Symp. Reliable Distributed Systems, p. 11 (2004)Google Scholar
  15. 15.
    Sanders, W.H., Meyer, J.F.: A unified approach for specifying measures of Performance, dependability, and performability. In: Dependable Computing for Critical Applications. Dependable Computing and Fault-Tolerant Systems, vol. 4, pp. 215–237. Springer, Heidelberg (1991)Google Scholar
  16. 16.
    Baker, A., Beale, J., Caswell, B.: Snort 2.1 Intrusion Detection, 2nd edn., p. 751. Syngress (2004)Google Scholar
  17. 17.
    Howard, J.D.: An analysis of security incidents on the Internet, 1989-1995. Ph.D thesis, Carnegie Mellon University, Department of Engineering and Public Policy (1997),
  18. 18.
    Paulauskas, N., Garsva, E.: Computer System Attack Classification. Electronics and Electrical Engineering, Technology, Kaunas 2(66), 84–87 (2006)Google Scholar
  19. 19.
  20. 20.
    Distributed Intrusion Detection System Reports and Database Summaries:

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Eimantas Garsva
    • 1
  1. 1.VGTUVilniusLietuva

Personalised recommendations