A multi-objective decision support framework for simulation-based security control selection

Elmar Kiesling, Christine Strauß, Christian Stummer

Publications: Book chapter / Conference paper / Peer reviewed

Abstract

In this paper, we report on our ongoing research on simulation-based information security risk assessment and multi-objective optimization of investment in security controls. We outline a methodological framework that accounts for the characteristics of the organization, its information infrastructure, the assets to be protected, the particular threat sources it faces, and the decision-makers' risk preferences. This framework comprises (i) ontological modeling of security knowledge, (ii) dynamic attack graph generation techniques, (iii) probabilistic simulation of attacks by goal-driven threat agents, (iv) meta-heuristic identification of efficient portfolios of information security controls, and (v) interactive decision support. These components enable novel techniques that infer possible attack routes and generate attack graphs from attackers' motivation, objectives, capabilities, and available modes of entry, and that use this inferred knowledge to simulate attacks on the organization's modeled infrastructure. The method supports decision makers in evaluating potential security control investments and in striking a balance between monetary and non-monetary criteria regarding risks, costs, and benefits. We are currently developing a prototypical implementation of the framework that will be used to evaluate the approach through application case studies.

Original language: English
Title: Proceedings - 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Pages: 454-462
Number of pages: 9
DOIs
Publication status: Published - 26 Nov. 2012
Event: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012 - Prague, Czech Republic
Duration: 20 Aug. 2012 to 24 Aug. 2012

Conference

Conference: 2012 7th International Conference on Availability, Reliability and Security, ARES 2012
Country/Territory: Czech Republic
City: Prague
Period: 20/08/12 to 24/08/12

ÖFOS 2012

  • 102016 IT Security
  • 101015 Operations Research
  • 502050 Business Informatics

Citation styles