A property based security risk analysis through weighted simulation

Abstract

The estimation of security risks in complex information and communication technology systems is an essential part of risk management processes. A proper computation of risks requires a good knowledge about the probability distributions of different upcoming events or behaviours. Usually, technical risk assessment in Information Technology (IT) systems is concerned with threats to specific assets. However, for many scenarios it can be useful to consider the risk of the violation of particular security properties. The set of suitable qualities comprises authenticity of messages or non-repudiability of actions within the system but also more general security properties like confidentiality of data. Furthermore, as current automatic security analysis tools are mostly confined to a technical point of view and thereby missing implications on an application or process level, it is of value to facilitate a broader view including the relation between actions within the IT system and their external influence. The property based approach aims to help assessing risks in a process-oriented or service level view of a system and also to derive a more detailed estimation on a technical level. Moreover, as systems' complexities are growing, it becomes less feasible to calculate the probability of all patterns of a system's behaviour. Thus, a model based simulation of the system is advantageous in combination with a focus on precisely defined security properties. This paper introduces the first results supporting a simulation based risk analysis tool that enables a security property oriented view of risk. The developed tool is based on an existing formal validation, verification and simulation tool, the Simple Homomorphism Verification Tool (SHVT). The new simulation software provides a graphical interface for a monitor automaton which facilitates the explicit definition of security properties to be investigated during the simulation cycles. Furthermore, in order to model different likelihoods of actions in a system, weighting factors can be used to sway the behaviour where the occurrence of events is not evenly distributed. These factors provide a scheme for weighting classes of transitions. Therefore, the tool facilitates probabilistic simulation, providing information about the probability distribution of satisfaction or violation of specified properties.