A simulation method for multi-level data security analysis

Abstract

A simulation methodology is presented for partitioning data sets of a sensitive data processing system into multi-level security classes according to a ranking of the resulting value to the system's opponents if the security of each data set were compromised. The value of the compromised data sets is determined by using a game-theoretic approach which simulates the environment in which the system under design operates. The same methodology determines the overall level of security achieved by a particular partitioning of the data sets. The methodology is applicable throughout the system life cycle.