Abstract
Systems and software architects require quantitative dependability evaluations, which allow them to compare the effect of their design decisions on dependability properties. For security, however, quantitative evaluations have proven difficult, especially for component-based systems. In this paper, we present a risk-based approach that creates modular attack trees for each component in the system. These modular attack trees are specified as parametric constraints, which allow quantifying the probability of security breaches that occur due to internal component vulnerabilities as well as vulnerabilities in the component’s deployment environment. In the second case, attack probabilities are passed between system components as appropriate to model attacks that exploit vulnerabilities in multiple system components. The probability of a successful attack is determined with respect to a set of attack profiles that are chosen to represent potential attackers and corresponding environmental conditions. Based on these attack probabilities and the structure of the modular attack trees, risk measures can be estimated for the complete system and compared with the tolerable risk demanded by stakeholders. The practicability of this approach is demonstrated with an example that evaluates the confidentiality of a distributed document management system.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
