A Framework for a Uniform Quantitative Description of Risk with Respect to Safety and Security

Abstract

A mathematical framework is presented that describes risk in the context of safety and security problems quantitatively and in an integrative way. Great importance is laid on a clear notation with a sound semantics. Essentially, this seminal contribution is a substantially expanded version of our short paper “A quantitative risk model for a uniform description of safety and security”, which we presented to the 10th Future Security 2015 in Berlin (A quantitative risk model for a uniform description of safety and security. In: Proceedings of the 10th Future security—security research conference, pp 317–324, 2015). The key concept of this paper is a quantitative formulation of risk. Uncertainties are modelled based on probability distributions. Risk due to purely stochastic sources of danger is based on objective notions of probabilities and costs whereas risks of individuals (intelligent agents) are described from their own points of view, i.e. in a fully subjective manner, since individuals draw their decisions based on their subjective assessments of potential costs and of frequencies of event occurrence. Therefore, probability is interpreted in a Bayesian context as a degree of belief (DoB). Based on a role model for the involved agents with the three roles »source of danger«, »subject of protection« and »protector«, risk is modelled quantitatively using statistical decision theory and game theory. The set D of sources of danger is endowed with a DoB-distribution describing the probability of occurrence. D is partitioned into subsets that describe dangers which are due to random causes, carelessness and intention. A set of flanks of vulnerability F is assigned to each subject of protection. These flanks characterize different aspects of vulnerability concerning mechanical, physiological, informational, economical, reputational, psychological, … vulnerability. The flanks of vulnerability are endowed with conditional DoBs that describe to which degree an incidence or an attack will be harmful. Additionally, each flank of vulnerability is endowed with a cost function that quantifies the costs which are charged to the subject of protection, if it is affected by a harmful incidence or attack. With these ingredients the risk for the subject of protection can be quantified based on an ensemble functional with respect to all sources of danger and to all flanks of vulnerability. Depending of the respective subset of dangers such a functional is an expectation (case of random causes and carelessness) or a selection operation (case of intention), where in the latter case the attack will presumably take place at the weakest flank of vulnerability. The calculated risk can be opposed to the cost of protection measures that are offered by the protector in order to foster an effective and economical invest decision. From an attacker’s point of view a utility function is formulated which a rational attacker presumably would use to evaluate his cost-benefit ratio in order to decide whether he attacks and which of his options he exercises. The challenges of the approach are the determination of the cost functions and especially the estimation of the probabilities (DoBs) of the model. Two approaches for determining DoBs, the Maximum Entropy Principle (MEP) and the Conditioning On Rare Events (CORE), are presented and discussed. The model can be used to simulate and evaluate the endangerment of subjects of protection quantitatively, e.g. using a software agent implementation, where the agents are endowed with the cost functions and the DoBs of the presented framework.