Abstract
Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures, for example their preferred balance of confidentiality, integrity, and availability, within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures both the managers' policies and the behavioural choices of the agents operating within the system. The models are executable, which allows systematic experimental exploration of the system-policy co-design space, and compositional, which keeps the complexity of large-scale systems manageable.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Caulfield, T., Pym, D., Williams, J. (2014). Compositional Security Modelling. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_21
DOI: https://doi.org/10.1007/978-3-319-07620-1_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1
eBook Packages: Computer Science (R0)