Enterprise Security Metrics with the ADVISE Meta Model Formalism

Keefe, Ken; Feddersen, Brett; Sanders, William; Muehrcke, Carol; Parks, Donald; Crapo, Andrew; Gabaldon, Alfredo; Palla, Ravi

Home // SECURWARE 2015, The Ninth International Conference on Emerging Security Information, Systems and Technologies // View article

Enterprise Security Metrics with the ADVISE Meta Model Formalism

Authors:
Ken Keefe
Brett Feddersen
William Sanders
Carol Muehrcke
Donald Parks
Andrew Crapo
Alfredo Gabaldon
Ravi Palla

Keywords: Quantitative Security Analysis; State-based Security Model; Discrete Event Simulation; Adversary Behavior Model

Abstract:
Building secure, complex systems is a daunting task. The ADversary VIew Security Evaluation (ADVISE) formalism was designed to offer a model of an adversary attacking a system. As currently implemented in Mobius, ADVISE provides a rich and flexible system security model that, with the other features of Mobius, offers quantitative security metrics. For large systems, constructing realistic ADVISE models can be tedious and impractical. To remedy this issue, we propose the ADVISE meta modeling formalism. An ADVISE meta model is used, with the Mobius framework, to generate ADVISE models and other Mobius components from a higher level model constructed from components, adversaries, and metrics provided by associated Web Ontology Language libraries. This paper briefly reviews Mobius and ADVISE, then introduces the ADVISE meta modeling formalism.

Pages: 65 to 66

Copyright: Copyright (c) IARIA, 2015

Publication date: August 23, 2015

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-427-5

Location: Venice, Italy

Dates: from August 23, 2015 to August 28, 2015