Evolving secure information systems through attack simulation

Author(s)
Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strauss, Christian Stummer
Abstract

In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization.
Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example.

Organisation(s)
Institut für Rechnungswesen, Innovation und Strategie
External organisation(s)
Technische Universität Wien, Secure Business Austria (SBA), Universität Bielefeld
Pages
4868-4877
Number of pages
10
DOI
https://doi.org/10.1109/HICSS.2014.597
Publication date
2014
Peer-reviewed
Yes
ÖFOS 2012
107007 Risk research, 102016 IT security
Keywords
ASJC Scopus subject areas
General Engineering
Link to portal
https://ucrisportal.univie.ac.at/de/publications/f91d2961-e2c1-4743-95b1-d0b02466facb