1st International Workshop on Resilience Assessment of Critical Infrastructures
Keynote
Making Sound Cyber Security Decisions through a Quantitative Metrics Approach
William H. Sanders
Donald Biggar Willett Professor of Engineering
Electrical and Computer Engineering Dept., Computer Science Dept., Information Trust Institute, and Coordinated Science Laboratory, University of Illinois
Making sound security decisions when designing, operating, and maintaining a complex system is a challenging task. Analysts need to be able to understand and predict how different factors affect the overall system security. During system design, security analysts want to compare the security of multiple proposed system architectures. After a system is deployed, analysts want to determine where security enhancement should be focused by examining how the system is most likely to be successfully penetrated. And when several security enhancement options are being considered, analysts would like to evaluate the relative merits of each. In each of these scenarios, quantitative security metrics could provide insight on system security and aid security decisions. Quantitative metrics enable ranking the alternatives to determine the best option. Quantitative assessments of system security are also valuable for risk management trade-off decisions.
To provide insight on system security and aid decision-makers, we propose the ADversary VIew Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a system's security. Our approach is to create an executable state-based security model of a system. The security model is initialized with information characterizing the system and the adversaries attacking the system. The model then simulates the attack behavior of the adversaries to produce a quantitative assessment of system security strength. This talk describes the system and adversary characterization data that are collected as input for the executable model. It also describes the simulation algorithms for adversary attack behavior and the computation for the probability that an attack attempt is successful. A simple case study illustrates how to analyze system security using the ADVISE method. A tool is currently under development to facilitate automatic model generation and simulation. The ADVISE method aggregates security-relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions.
William H. Sanders is a Donald Biggar Willett Professor of Engineering and the Director of the Coordinated Science Laboratory at the University of Illinois. He is a professor in the Department of Electrical and Computer Engineering and Affiliate Professor in the Department of Computer Science. He is a Fellow of the IEEE and the ACM. He is a past Chair of the IEEE Technical Committee on Fault-Tolerant Computing and past Vice-Chair of the IFIP Working Group 10.4 on Dependable Computing. In addition, he serves on the editorial board of Performance Evaluation.
Dr. Sanders's research interests include performance/dependability/security evaluation, dependable and secure computing, and reliable distributed systems. He has published more than 200 technical papers in these areas. He is currently the Director and PI of the DOE/DHS TCIPG Center, aimed at making the power grid resilient to attacks and failures. He is a co-developer of three tools for assessing computer-based systems: METASAN, UltraSAN, and Möbius. Möbius and UltraSAN have been distributed widely to industry and academia; more than 500 licenses for the tools have been issued to universities, companies, and NASA for evaluating the performance, dependability, and security of a variety of systems.
Please contact raci@dei.uc.pt for additional information.