Modeling System Integrity Of A Security Critical System Using Colored Petri Nets
Price
Free (open access)
Transaction
Volume
82
Pages
10
Published
2005
Size
233 kb
Paper DOI
10.2495/SAFE050011
Copyright
WIT Press
Author(s)
S. H. Houmb & K. Sallhammar
Abstract
Recently, the need for techniques for quantification of security attributes of IKT systems has been raised. This relates both to security requirements in QoS architectures, as well as input to trade-off analysis regarding the design and choice of security mechanisms to comply with an established security policy. Early research in this area has focused on state transition models, such as Markov or semi-Markov models. In the dependability domain these techniques are used to measure values such as mean time between failures (MTBF), and to quantify frequency and consequences of risks. The dynamics of security attacks makes it intractable to use, due to the problems with state explosions. To be able to express the complete state space of a security critical system, one needs to consider not only hardware, operating system, and application/services faults, but also the survivability of the system in terms of intentional and accidental security breaches. In this paper, we build a stochastic prediction system to estimate the system integrity of a security critical system. We make use of Colored Petri Nets (CPN), a higher-level formalism for stochastic modeling, analysis, and simulation. The prediction system is implemented as a generic and hierarchic CPN model.
Keywords: Colored Petri Nets, stochastic modeling, operational security, quantification of risk, risk management
1 Introduction
System integrity is the property that a system performs its intended function in an unimpaired manner, free from deliberate or accidental unauthorized manipulation of the system and its data. The ISO 15408 “Common Criteria” standard [1] pro-
Keywords
Colored Petri Nets, stochastic modeling, operational security, quantification of risk, risk management