1st International Workshop on
Resilience Assessment of Critical Infrastructures

April 25th 2011, São José dos Campos, SP, Brazil
in conjunction with with the 5th Latin-American Symposium on Dependable Computing (LADC 2011)

Scope          Program          Keynote          Panel          Organizing Committees


Making Sound Cyber Security Decisions through a Quantitative Metrics Approach

William H. Sanders 
Donald Biggar Willett Professor of Engineering 

Electrical and Computer Engineering Dept.,
Computer Science Dept.,
Information Trust Institute, and
Coordinated Science Laboratory University of Illinois 

Making sound security decisions when designing, operating, and maintaining a complex system is a challenging task. Analysts need to be able to understand and predict how different factors a ffect the overall system security. During system design, security analysts want to compare the security of multiple proposed system architectures. After a system is deployed, analysts want to determine where security enhancement should be focused by examining how the system is most likely to be successfully penetrated. And when several security enhancement options are being considered, analysts would like to evaluate the relative merits of each. In each of these scenarios, quantitative security metrics could provide insight on system security and aid security decisions. Quantitative metrics enable ranking the alternatives to determine the best option. Quantitative assessments of system security are also valuable for risk management trade-off decisions. 

To provide insight on system security and aid decision-makers, we propose the ADversary VIew Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a system's security. Our approach is to create an executable state-based security model of a system. The security model is initialized with information characterizing the system and the adversaries attacking the system. The model then simulates the attack behavior of the adversaries to produce a quantitative assessment of system security strength. This talk describes the system and adversary characterization data that are collected as input for the executable model. It also describes the simulation algorithms for adversary attack behavior and the computation for the probability that an attack attempt is successful. A simple case study illustrates how to analyze system security using the ADVISE method. A tool is currently under development to facilitate automatic model generation and simulation. The ADVISE method aggregates security-relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions. 

William H. Sanders is a Donald Biggar Willett Professor of Engineering and the Director of the Coordinated Science Laboratory at the University of Illinois. He is a professor in the Department of Electrical and Computer Engineering and Affiliate Professor in the Department of Computer Science. He is a Fellow of the IEEE and the ACM. He is a past Chair of the IEEE Technical Committee on Fault-Tolerant Computing and past Vice-Chair of the IFIP Working Group 10.4 on Dependable Computing. In addition, he serves on the editorial board of Performance Evaluation. 

Dr. Sanders's research interests include performance/dependability/security evaluation, dependable and secure computing, and reliable distributed systems. He has published more than 200 technical papers in these areas. He is currently the Director and PI of the DOE/DHS TCIPG Center, aimed at making the power grid resilient to attacks and failures. He is a co-developer of three tools for assessing computer-based systems: METASAN, UltraSAN, and Möbius. Möbius and UltraSAN have been distributed widely to industry and academia; more than 500 licenses for the tools have been issued to universities, companies, and NASA for evaluating the performance, dependability, and security of a variety of systems. 

Please contact raci@dei.uc.pt for aditional information.