Till sidans topp

Sidansvarig: Webbredaktion
Sidan uppdaterades: 2012-09-11 15:12

Tipsa en vän
Utskriftsversion

An Attempt to Quantitativ… - Göteborgs universitet Till startsida
Webbkarta
Till innehåll Läs mer om hur kakor används på gu.se

An Attempt to Quantitative Modelling of Behavioural Security

Artikel i vetenskaplig tidskrift
Författare Erland Jonsson
Mikael Andersson
Søren Asmussen
Publicerad i Proceedings of the 11th International Information Security Conference - IFIP/SEC 1995
Volym addendum
Sidor 44-57
Publiceringsår 1995
Publicerad vid Institutionen för matematik
Sidor 44-57
Språk en
Ämnesord behavioural security, dependability, measure, markov modelling, computer system
Ämneskategorier Data- och informationsvetenskap

Sammanfattning

This paper suggests a quantitative approach to security, and specifically to a security-concept, which is regarded as an attribute of dependability together with reliability, availability and safety. We note that security is a more complex attribute of dependability than are the other three, and that it can therefore be split into preventive and behavioural aspects. We show that, in addition to availability, confidentiality could be used to denote a new type of behavioural aspect of dependability. Integrity is interpreted in terms of fault prevention, and is not directly related to system behaviour. A practical measure for behavioural dependability attributes including confidentiality is defined. Due to the dependability viewpoint of security that we take, a measure could be derived using traditional reliability methods, such as Markov modelling. The measure is meant for practical trade-offs within a class of computer systems. The measure quantifies system performance on user-specified service levels, which may be operational or failed. Certain levels may be related to confidentiality degradations or confidentiality failures. A simple Reference Monitor example is given to illustrate the use of the measure. The calculation method is then extended to handle situations with non–exponential failure rates, which is the normal case in security applications, by means of using phase–type modelling. This is illustrated by introducing malicious software, such as a Trojan Horse into the Reference Monitor.

Sidansvarig: Webbredaktion|Sidan uppdaterades: 2012-09-11
Dela:

På Göteborgs universitet använder vi kakor (cookies) för att webbplatsen ska fungera på ett bra sätt för dig. Genom att surfa vidare godkänner du att vi använder kakor.  Vad är kakor?