Brocklehurst, S., Littlewood, B., Olovsson T. and Jonsson, E. On measurement of operational security. Proc. 9
....quantification of security. It is important to find a security quantifier not only to compare systems with one another but also to analyze and design electronic business applications. Most work related to the quantification of security focuses on special areas of security. Brocklehurst et al. [3] consider the measurement of operational security comparing the security with the reliability of a system. Following this approach it is possible to use existing methods of checking software reliability. Bhargava and Bhargava [2] attempt to quantify the quality of service in electronic commerce ....
S. Brocklehurst, B. Littlewood, T. Olovsson, and E. Jonsson. On measurement of operational security. In Proc. of the 9th Annual Conference on Computer Assurance, COMPASS'94, 1994.
....reliability modeling is a successful attempt to give quantitative measures of software systems. In the broadest sense, security is one of the aspects of reliability. A system is likely to be more reliable if it is more secure. One of the pioneering efforts to integrate security and reliability is [2]. In this paper, these similarities between security and reliability were observed. [Fig. 1. Analogy between Reliability and Security (Security / Reliability): Vulnerabilities / Faults; Breach / Failure; Fail upon attack effort spent / Fail upon usage time elapsed.] Thus, we have security function, effort ....
Sarah Brocklehurst, Bev Littlewood, Tomas Olovsson and Erland Jonsson. "On Measurement of Operational Security". In Proceedings of the Ninth Conference on Computer Assurance (COMPASS'94): Safety, Reliability, Fault Tolerance and Real Time, Security, p.257-266.
....9 concludes the paper. 2. BACKGROUND In 1992, an EU research project was started with the intent of finding quantitative measures of operational security. For that purpose, empirical data was needed. To gather such data, practical intrusion experiments were conducted. For the first experiment [2], which is referred to in this paper as the feasibility study, the primary goal was to investigate whether it would be possible to gather data for security modeling. This study was successful in many respects. First, we found that students are indeed able to break into a standard system within a ....
....in the earlier experiments, could be eliminated from the system. In 1998, our increased research interest in intrusion detection was reflected in the course. The students would construct a small intrusion detection system using an expert system tool. 3. FEASIBILITY STUDY The feasibility study [2] (sometimes referred to as the pilot experiment) was intended as a pure research activity and conducted during the spring of 1993. The goal was to determine whether it would be possible for students to break into a normal system and how data from these attacks could be collected for quantitative ....
Sarah Brocklehurst, Bev Littlewood, Tomas Olovsson, and Erland Jonsson. On measurement of operational security. In Proceedings of the Ninth Annual Conference on Computer Assurance, COMPASS'94, pages 257-266, Gaithersburg, MD, USA, June 27-July 1 1994. IEEE.
....then we make a comparison of a selection of vulnerabilities most of which we know have been used for making real intrusions. Those have been gathered from intrusion experiments carried out at the department of Computer Engineering at Chalmers University of Technology for data collection purposes [3], [20] or from our own system analysis [7]. Some data has been taken from other publicly available sources. For the comparison of the vulnerabilities of the two systems, we have used a taxonomy of intrusion techniques suggested by Lindquist and Jonsson [15]. The taxonomy has proven useful for ....
Sarah Brocklehurst, Bev Littlewood, Tomas Olovsson and Erland Jonsson, On Measurement of Operational Security. In COMPASS 94, 9th Annual IEEE Conference on Computer Assurance, Gaithersburg, pp.257-66, IEEE Computer Society, 1994.
....work, another objective of the experiment was to gain some general knowledge of the intrusion process and the exploited vulnerabilities by studying and elaborating the data collected. These results have been reported in [16]. Such data were also recovered from a preceding pilot experiment [15], [2], the intention of which was to see whether experiments of this type were at all feasible, and if so, to obtain valuable information on how they should be carried out. In the following, the experiment is outlined in Section 2. The data recorded are presented and classified in Section 3 and ....
....or effort involved in making each breach. It could be compared with the value of the breach to the attacker, or to some other party such as the owner. Note that the value to the attacker (the reward) may not necessarily be directly related to the corresponding value to the owner (the loss) [2]. Furthermore, there exists no established method to rank breaches with respect to their seriousness, and it is not even clear that it is possible to define such a measure unambiguously. Thus, in this first approach, we consider all breaches to be equivalent. We are confident that the second ....
S. Brocklehurst, B. Littlewood, T. Olovsson, and E. Jonsson, "On Measurement of Operational Security," COMPASS '94, Proc. Ninth Ann. IEEE Conf. Computer Assurance, Gaithersburg, ISBN 07803 -1855-2, IEEE Computer Society, pp. 257-266, 1994.
....use for laboratory courses at the Department of Computer Engineering at Chalmers in Sweden. The system consisted of 24 SUN ELC diskless workstations and a file server, all running SunOS 4.1.2 or SunOS 4.1.3 U1. The system was configured as delivered, with no special security enhancing features [Broc94]. The attackers, who worked in pairs, were given an account on the system thus, they were insiders and were encouraged to perform as many intrusions as possible. Their activities were limited by a set of rules meant to avoid disturbing other users of the system and to ensure that the ....
Sarah Brocklehurst, Bev Littlewood, Tomas Olovsson, and Erland Jonsson. "On measurement of operational security." In Proceedings of the Ninth Annual Conference on Computer Assurance (COMPASS '94), pages 257-266, Gaithersburg, Maryland, USA, June 27-July 1, 1994.
No context found.
Brocklehurst, S., Littlewood, B., Olovsson T. and Jonsson, E. On measurement of operational security. Proc. 9
No context found.
S. Brocklehurst, B. Littlewood, T. Olovsson and E. Jonsson, "On Measurement of Operational Security". Proc. 9th Annual IEEE Conference on Computer Assurance, Gaithersburg, pp. 257-66, IEEE Computer Society, 1994.
No context found.
S. Brocklehurst, B. Littlewood, T. Olovsson, and E. Jonsson, On Measurement of Operational Security, Proceedings of the 9th Annual Conference on Computer Assurance (1994).
No context found.
S. Brocklehurst, B. Littlewood, T. Olovsson and E. Jonsson, On Measurement of Operational Security, Proceedings of Annual Conference on Computer Assurance (1994).
No context found.
S. Brocklehurst, B. Littlewood, T. Olovsson, and E. Jonsson, On Measurement of Operational Security, Proceedings of the 9th Annual Conference on Computer Assurance (1994).
No context found.
S. Brocklehurst, B. Littlewood, T. Olovsson and E. Jonsson, On Measurement of Operational Security, Proceedings of Annual Conference on Computer Assurance (1994).
No context found.
S. Brocklehurst, B. Littlewood, T. Olovsson and E. Jonsson, "On Measurement of Operational Security". Proc. 9th Annual IEEE Conference on Computer Assurance, Gaithersburg, pp. 257-66, IEEE Computer Society, 1994.
No context found.
Sarah Brocklehurst, Bev Littlewood, Tomas Olovsson and Erland Jonsson. "On Measurement of Operational Security". In Proceedings of the Ninth Conference on Computer Assurance (COMPASS'94): Safety, Reliability, Fault Tolerance and Real Time, Security, p.257-266.