This paper proposes a novel approach to help computing system administrators in monitoring the security of their systems. The approach is based on modeling the system as a privilege graph exhibiting operational security vulnerabilities and on transforming this privilege graph into a Markov chain corresponding to all possible successful attack scenarios. A set of tools has been developed to support this approach and to provide automatic security evaluation of Unix systems in operation.
- Quantitative security evaluation
- privilege graph
- probabilistic assessment
Marc Dacier is now at IBM Zürich Research Laboratory, Säumerstrasse 4, CH-8803 Rüschlikon, Switzerland.
Dacier, M. (1994) Towards Quantitative Evaluation of Computer Security Doctoral Thesis, Institut National Polytechnique de Toulouse, December 20, LAAS Rep. 94488 (in French).
Dacier, M. and Deswarte, Y. (1994) The Privilege Graph: an Extension to the Typed Access Matrix Model, in European Symposium in Computer Security (ESORICS’94), Lecture Notes in Computer Science, 875, Springer-Verlag, Brighton, UK, 319–334.
Dacier, M.,Deswarte, Y. and Kaâniche, M. (1995) Models and Tools for Quantitative Assessment of Operational Security LAAS-CNRS, LAAS Report, N°95353.
Farmer, D. and Spafford, E. H. (1990) The COPS Security Checker System, in the Summer Usenix Conference, Anaheim, CA, USA.
Heydon, C. A. (1992) Processing Visual Specifications of File System Security, Ph.D. Thesis, School of Computer Science, CMU-CS-91–201, PA, USA.
Jagannathan, R., Lunt, T., Anderson, D., Dodd, C., Gilham, F., Jalali, C., Javitz, H., Neumann, P., Tamaru, A. and Valdes, A. (1993) System Design Document: Next-Generation Intrusion Detection Expert System (NIDES) SRI, Contract N0039–92-C-0015.
Lunt, T. F.,Tamaru, A., Gilham, F., Jagannathan, R., Neumann, P. G. and Jalali, C. (1990) IDES: A Progress Report, inthe Sixth Annual Comp. Security Applications, Tucson, USA.
Metge, S., Aguéra, M., Arlat, J., Bachmann, S., Bourdeau, C., Doucet, J.-E., Kanoun, K., Laprie, J.-C., Moreira de Souza, J., Powell, D. and Spiesser, P. (1994) SURF-2: A Program for Dependability Evaluation of Complex Hardware and Software Systems, in 23rd Int. Symp. on Fault-Tolerant Computing (FTCS-23), Toulouse, France, 668–673.
Editors and Affiliations
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Dacier, M., Deswarte, Y., Kaâniche, M. (1996). Models and tools for quantitative assessment of operational security. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive