M. Dacier. Towards Quantitative Evaluation of Computer Security. PhD thesis, Institut National Polytechnique de Toulouse, December 1994. Home/Search Document Not in Database Summary Related Articles Check |
This paper is cited in the following contexts:
Diversity against Accidental and Deliberate Faults - Deswarte, Kanoun, Laprie (1998) (4 citations) (Correct)
....to benefit from other users expertise. If these features are correctly used, they can even improve security (examples are given in [15] It is thus important to assess the influence of user behavior on the system security. A quantitative evaluation method has been developed for this purpose [14]. Measurements provided by this approach aim at representing as accurately as possible the security of the system in operation, i.e. its ability to resist possible attacks, or equivalently, the difficulty for an attacker to exploit the vulnerabilities present in the system and defeat the security ....
M. Dacier, "Towards Quantitative Evaluation of Computer Security", Doctoral Thesis. In French: INP, Toulouse, 1994.
Experimenting with Quantitative Evaluation Tools for.. - Rodolphe Ortalo (1998) (18 citations) (Correct)
....it is more important to know if the security of a given system is improving or decaying than to compare the security of independent systems, with different objectives, applications, users, environments, etc. A theoretical framework has been developed at LAAS to identify and compute such measures [1, 2]. This framework is based on: 1) a theoretical model, the privilege graph, exhibiting the system vulnerabilities, 2) a definition of the security objectives, 3) a mathematical model based on Markov chains to compute the security measures. To demonstrate the practical feasibility of the approach, ....
....case where only the second path exists) This result illustrates the fact that the addition of new paths leading to the target in the privilege graph surely leads to a decrease of METF TM which indicates security degradation. This result can be easily generalized, further details can be found in [2]. However, assumption ML leads to a different behavior since METF ML may increase or decrease depending on the values of the parameters. For instance, METF ML is lower than only if , i.e. when the mean effort spent in obtaining the privileges of node D from node C is lower than the mean ....
M. Dacier, Towards Quantitative Evaluation of Computer Security, Doctoral Thesis, LAAS Report 94488 (in French), Institut National Polytechnique de Toulouse, December 1994.
Experimenting with Quantitative Evaluation Tools for.. - Rodolphe Ortalo (1998) (18 citations) (Correct)
....the security of a given system is improving or decaying than to compare the security of independent systems, with different objectives, applications, users, environments, etc. A theoretical framework has been developed at LAAS to identify and compute such measures [Dacier, Deswarte et al. 1996a, Dacier 1994] This framework is based on: 1) a theoretical model, the privilege graph, exhibiting the system vulnerabilities, 2) a definition of the security objectives, 3) a mathematical model based on Markov chains to compute the security measures. To demonstrate the practical feasibility of the approach, ....
....case where only the second path exists) This result illustrates the fact that the addition of new paths leading to the target in the privilege graph surely leads to a decrease of METF TM which indicates security degradation. This result can be easily generalized, further details can be found in [Dacier 1994]. However, assumption ML leads to a different behavior since METF ML may increase or decrease depending on the values of the parameters. For instance, METF ML is lower than only if , i.e. when the mean effort spent in obtaining the privileges of node D from node C is lower than the mean ....
M. Dacier, Towards Quantitative Evaluation of Computer Security, Doctoral Thesis, LAAS Report 94488 (in French), Institut National Polytechnique de Toulouse, December 1994.
Two Formal Analyses of Attack Graphs - Jha Computer Sciences (2002) (8 citations) (Correct)
No context found.
M. Dacier. Towards Quantitative Evaluation of Computer Security. PhD thesis, Institut National Polytechnique de Toulouse, December 1994.
Minimization and Reliability Analyses of Attack Graphs - Somesh Jha Oleg (2002) (1 citation) (Correct)
No context found.
M. Dacier. Towards Quantitative Evaluation of Computer Security. PhD thesis, Institut National Polytechnique de Toulouse, December 1994.
Tools for Generating and Analyzing Attack Graphs - Oleg Sheyner And (2004) (1 citation) (Correct)
No context found.
M. Dacier. Towards Quantitative Evaluation of Computer Security. PhD thesis, Institut National Polytechnique de Toulouse, December 1994.
Global Intrusion Detection in the DOMINO Overlay System - Yegneswaran, Barford, Jha (2004) (9 citations) (Correct)
No context found.
M. Dacier. Towards Quantitative Evaluation of Computer Security. PhD thesis, Institut National Polytechnique de Toulouse, December 1994.
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC