{"title":"使用攻击图评估SOA安全度量","authors":"J. Magott, Marek Woda","doi":"10.1504/IJCCBS.2010.031712","DOIUrl":null,"url":null,"abstract":"First, different security metrics are presented. A proposal of risk assessment for service oriented architecture (SOA) is given. This proposal is based on service availability metrics. First metric represents costs (extend of damage), when the service is not available. The second one is a probability that the service is available. Foundations for calculating this probability by simulation using attack graphs are given. The attack graph is a representation of actions that end in a state where an intruder achieved his/her goal. A model of intrusion detection system is given too.","PeriodicalId":167937,"journal":{"name":"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Evaluation of SOA Security Metrics Using Attack Graphs\",\"authors\":\"J. Magott, Marek Woda\",\"doi\":\"10.1504/IJCCBS.2010.031712\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"First, different security metrics are presented. A proposal of risk assessment for service oriented architecture (SOA) is given. This proposal is based on service availability metrics. First metric represents costs (extend of damage), when the service is not available. The second one is a probability that the service is available. Foundations for calculating this probability by simulation using attack graphs are given. The attack graph is a representation of actions that end in a state where an intruder achieved his/her goal. 
A model of intrusion detection system is given too.\",\"PeriodicalId\":167937,\"journal\":{\"name\":\"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-06-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJCCBS.2010.031712\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJCCBS.2010.031712","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Evaluation of SOA Security Metrics Using Attack Graphs
First, different security metrics are presented. A proposal for risk assessment of service-oriented architecture (SOA) is given. This proposal is based on service availability metrics. The first metric represents the costs (extent of damage) incurred when the service is not available. The second is the probability that the service is available. Foundations for calculating this probability by simulation using attack graphs are given. The attack graph is a representation of actions that end in a state where an intruder has achieved his/her goal. A model of an intrusion detection system is given too.