Abstract
This paper presents an approach for decision making under security risks in a computer network environment. The proposed method relies on a many sorted algebraic signature and on a rewriting system. This latter is shown to be terminating and yielding a normal form, called the risk analysis equation, that models the cost-benefit balance. Furthermore, a gradual algebraic resolution of the risk analysis equation is described.
This formalism helps security analysts to automate the selection of the optimal security solutions that minimize the residual risk.
Chapter PDF
References
Alberts, C.J., Dorofee, A.J. (2002).Managing Information Security Risks: the OCTAVE Approach, Addison Wesley Professional, ISBN: 0321118863.
Ben Cherifa, A. Lescanne, P. (1987). Termination of Rewriting Systems by Polynomial Interpretations and its Implementation, Science of Computer Programming, 9(2):137–160.
Claßen, I., Ehrig, H., Wolz, D. Algebraic Specification Techniques and Tools for Software Development: the ACT Approach, AMAST Series in Computing (1), ISBN: 981–02-1227–5.
Goguen, J.A., Malcolm, G. (2000). Software Engineering with OBJ: Algebraix Specification in Action, Kluwer Academic Publishers, Boston, ISBN: 0–7923-7757–5.
Hamdi, M., Boudriga, N. (2003). Algebraic Specification of Network Security Risk Management, First ACM Workshop on Formal Methods in Security Engineering, Washington D.C.
Loeckx, J., Ehrich, H-D., Wolf, M. “Specification of Abstract Data Types,” Wiley and Teubner, ISBN: 0–471-95067-X.
Stonebumer, G., Grogen, A., Fering, A. (2002). Risk Management Guide for Information Technology Systems, National Institute for Standards and Technology, Special Publication 80030.
A Guide to Risk Management and Safeguard Selection for IT Systems, Government of Canada, Communications Security Establishment, January 1996.
Information Security Risk Assessment: Practices of Leading Organizations, United States General Accounting Office, GAO/AIMD-00–33, November 1999.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hamdi, M., Boudriga, N. (2004). An Abstract Reduction Model for Computer Security Risk. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP — The International Federation for Information Processing, vol 147. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8143-X_1
Download citation
DOI: https://doi.org/10.1007/1-4020-8143-X_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-8016-1
Online ISBN: 978-1-4020-8143-9
eBook Packages: Springer Book Archive