A Simulation-Driven Approach for Assessing Risks of Complex Systems (Contributo in atti di convegno)

Type
Label
  • A Simulation-Driven Approach for Assessing Risks of Complex Systems (Contributo in atti di convegno) (literal)
Anno
  • 2011-01-01T00:00:00+01:00 (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#doi
  • 10.1145/1978582.1978590 (literal)
Alternative label
  • Sgandurra D. [1], Baiardi F. [2], Telmon C. [2] (2011)
    A Simulation-Driven Approach for Assessing Risks of Complex Systems
    in 13th European Workshop on Dependable Computing, Pisa, Toscana, Italy, 11-12 May, 2011
    (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#autori
  • Sgandurra D. [1], Baiardi F. [2], Telmon C. [2] (literal)
Pagina inizio
  • 35 (literal)
Pagina fine
  • 40 (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#altreInformazioni
  • ID_PUMA: cnr.iit/2011-A2-011 (literal)
Note
  • Scopu (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#affiliazioni
  • [1] CNR-IIT, Pisa, Italy; [2] Dipartimento di Informatica, Università di Pisa, Italy (literal)
Titolo
  • A Simulation-Driven Approach for Assessing Risks of Complex Systems (literal)
Abstract
  • The most critical steps in the risk assessment of a system are the discovery of attacks against the system as well as the computation of the probabilities that attacks are successful and their impacts. We present a framework to support these steps driven by a detailed simulation of the attacks implemented by intelligent threat agents. The framework can evaluate the role of factors such as the probability of discovering a vulnerability, the resources available to agents, how an agent composes attacks into plans to reach a goal. The agents and their plans are described through a proper extension of attack graphs. A simulation defined in terms of attack graphs can fully exploit an important feature of these graphs, namely their ability of describing both attack plans and the countermeasures to stop these plans. Furthermore, a simulation-driven approach can evaluate how the availability of information about the system implementation influences the success of attack plans. Finally, we describe the tools that implement the simulation and that produce statistics about both attack plans that have been successfully implemented and the resulting risk for the system owner. (literal)
Editore
Prodotto di
Autore CNR
Insieme di parole chiave

Incoming links:


Prodotto
Autore CNR di
Editore di
Insieme di parole chiave di
data.CNR.it