Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EMS
2008
IEEE
2008
IEEE
Threat Modeling Revisited: Improving Expressiveness of Attack
Threat modeling plays an important role in the deployment of optimal security controls and a number of threat modeling techniques have been proposed. However, most of the existing techniques lack adequate semantics and expressiveness. This paper reviews the existing techniques and proposes threat net; a technique based on information and causality theory concepts which offers improved expressiveness and semantics of threat models. Threat Net is built on Petri nets and treats every node in the threat path as a random variable, whose values include time specific attacker profile and system defense capabilities. In theory, by computing the expected value of random events one can estimate the cost of achieving a given goal. We believe that the simplicity and richness of our technique will make it attractive to security experts. In future we hope to validate threat net using case-based analysis theory. Key Words: Threat Net, Expressiveness, Semantics, Petri Nets, Threat-Centric, Attack-Cen...
Real-time TrafficRelated Content
| Added | 19 Oct 2010 |
| Updated | 19 Oct 2010 |
| Type | Conference |
| Year | 2008 |
| Where | EMS |
| Authors | Drake Patrick Mirembe, Maybin K. Muyeba |
Comments (0)
Researcher Info
|
