Example Model Template

From Mobius Wiki
Revision as of 17:49, 17 June 2015 by Svaitha (talk | contribs)
Jump to: navigation, search

Basic Information

  • Example Name: My Example
  • Mobius Version: Which version of Mobius this model was built on (ie. known good for)
  • Contributor(s): Elizabeth LeMay, Michael D. Ford, Ken Keefe, William H. Sanders
  • Contact Information: kjkeefe@illinois.edu
  • Web URL: http://www.mobius.illinois.edu
  • Associated Paper: Paper title - publication venue - URL

DOWNLOAD

Description

System architects need quantitative security metrics to make informed trade-off decisions involving system security. The security metrics need to provide insight on weak points in the system defense, considering characteristics of both the system and its adversaries. To provide such metrics, we formally define the ADversary VIew Security Evaluation (ADVISE) method. Our approach is to create an executable state-based security model of a system and an adversary that represents how the adversary is likely to attack the system and the results of such an attack. The attack decision function uses information about adversary attack preferences and possible attacks against the system to mimic how the adversary selects the most attractive next attack step. The adversary’s decision involves looking ahead some number of attack steps. System architects can use ADVISE to compare the security strength of system architecture variants and analyze the threats posed by different adversaries. We demonstrate the feasibility and benefits of ADVISE using a case study. To produce quantitative model-based security metrics, we have implemented the ADVISE method in a tool that facilitates user input of system and adversary data and automatically generates executable models.

Additional Details

This is a great place to put any additional comments or details you may have about the model. Perhaps what you'd like to do in the future with this work. This is also a good place to put images of your model components.

Basic Information[edit]

  • Example Name: My Example
  • Mobius Version: Which version of Mobius this model was built on (ie. known good for)
  • Contributor(s): Elizabeth LeMay, Michael D. Ford, Ken Keefe, William H. Sanders
  • Contact Information: kjkeefe@illinois.edu
  • Web URL: http://www.mobius.illinois.edu
  • Associated Paper: Paper title - publication venue - URL

DOWNLOAD

Description[edit]

System architects need quantitative security metrics to make informed trade-off decisions involving system security. The security metrics need to provide insight on weak points in the system defense, considering characteristics of both the system and its adversaries. To provide such metrics, we formally define the ADversary VIew Security Evaluation (ADVISE) method. Our approach is to create an executable state-based security model of a system and an adversary that represents how the adversary is likely to attack the system and the results of such an attack. The attack decision function uses information about adversary attack preferences and possible attacks against the system to mimic how the adversary selects the most attractive next attack step. The adversary’s decision involves looking ahead some number of attack steps. System architects can use ADVISE to compare the security strength of system architecture variants and analyze the threats posed by different adversaries. We demonstrate the feasibility and benefits of ADVISE using a case study. To produce quantitative model-based security metrics, we have implemented the ADVISE method in a tool that facilitates user input of system and adversary data and automatically generates executable models.

Additional Details[edit]

This is a great place to put any additional comments or details you may have about the model. Perhaps what you'd like to do in the future with this work. This is also a good place to put images of your model components.

Retrieved from "https://www.mobius.illinois.edu/wiki/index.php?title=Example_Model_Template&oldid=815"