Skip to main content
SpringerLink
Log in

Modeling Humans: A General Agent Model for the Evaluation of Security

  • Conference paper
  • First Online:
Quantitative Evaluation of Systems (QEST 2018)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11024))

Included in the following conference series:

Abstract

Careful planning is needed to design cyber infrastructures that can achieve mission objectives in the presence of deliberate attacks, including availability and reliability of service and confidentiality of data. Planning should be done with the aid of rigorous and sound security models. A security modeling formalism should be easy to learn and use, flexible enough to be used in different contexts, and should explicitly model the most significant parts of the system of interest. In particular, the research community is increasingly realizing the importance of human behavior in cyber security. However, security modeling formalisms often explicitly model only the adversary, or simplistic interactions between adversaries and defenders, or are tailored to specific use cases, or are difficult to use. We propose and define a novel security modeling formalism that explicitly models adversary, defender, and user behavior in an easy and general way, and illustrate its use with an example.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Baiardi, F., Corò, F., Tonelli, F., Bertolini, A., Bertolotti, R., Guidi, L.: Security stress: evaluating ICT robustness through a monte carlo method. In: Panayiotou, C.G.G., Ellinas, G., Kyriakides, E., Polycarpou, M.M.M. (eds.) CRITIS 2014. LNCS, vol. 8985, pp. 222–227. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31664-2_23

    Chapter  Google Scholar 

  2. Buratowski, M.: The DNC server breach: who did it and what does it mean? Netw. Secur. 2016(10), 5–7 (2016)

    Article  Google Scholar 

  3. Eloff, J., Labuschagne, L., Badenhorst, K.: A comparative framework for risk analysis methods. Comput. Secur. 12(6), 597–603 (1993). https://doi.org/10.1016/0167-4048(93)90056-B

    Article  Google Scholar 

  4. Gorodetski, V., Kotenko, I., Karsaev, O.: Multi-agent technologies for computer network security: attack simulation, intrusion detection and intrusion detection learning. Int. J. Comput. Syst. Sci. Eng. 18(4), 191–200 (2003)

    Google Scholar 

  5. Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 17th International Conference on World Wide Web, WWW 2008, pp. 209–218. ACM, New York (2008)

    Google Scholar 

  6. Herley, C., v. Oorschot, P.C.: SoK: science, security and the elusive goal of security as a scientific pursuit. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 99–120, May 2017

    Google Scholar 

  7. Izmalkov, S., Micali, S., Lepinski, M.: Rational secure computation and ideal mechanism design. In: 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2005), pp. 585–594, October 2005. https://doi.org/10.1109/SFCS.2005.64

  8. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2012). https://doi.org/10.1093/logcom/exs029

    Article  MathSciNet  MATH  Google Scholar 

  9. Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: Dag-based attack and defense modeling: don’t miss the forest for the attack trees. CoRR abs/1303.7397 (2013). http://arxiv.org/abs/1303.7397

  10. Kramer, J.: Attack-defence graphs: on the formalisation of security-critical systems. Master’s thesis, Saarland University (2015). https://www-old.cs.uni-paderborn.de/uploads/tx_sibibtex/main_01.pdf

  11. Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)

    Article  Google Scholar 

  12. Lee, R.M., Assante, M.J., Conway, T.: Analysis of the cyber attack on the Ukrainian power grid. SANS Industrial Control Systems (2016)

    Google Scholar 

  13. LeMay, E.: Adversary-driven state-based system security evaluation. Ph.D. thesis, University of Illinois at Urbana-Champaign (2011). https://www.perform.illinois.edu/Papers/USAN_papers/11LEM02.pdf

  14. Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(3), 25:1–25:39 (2013)

    Article  Google Scholar 

  15. Marsan, M.A., Balbo, G., Conte, G., Donatelli, S., Franceschinis, G.: Modelling with Generalized Stochastic Petri Nets, 1st edn. Wiley, New York (1994)

    MATH  Google Scholar 

  16. Meyer, J.F., Movaghar, A., Sanders, W.H.: Stochastic activity networks: Structure, behavior, and application. In: Proceedings of the International Conference on Timed Petri Nets, Torino, Italy, pp. 106–115, July 1985

    Google Scholar 

  17. Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: 2010 43rd Hawaii International Conference on System Sciences (HICSS), pp. 1–10. IEEE (2010)

    Google Scholar 

  18. Salter, C., Saydjari, O.S., Schneier, B., Wallner, J.: Toward a secure system engineering methodolgy. In: Proceedings of the 1998 Workshop on New Security Paradigms, NSPW 1998, pp. 2–10. ACM, New York (1998)

    Google Scholar 

  19. Sanders, W.H., Meyer, J.F.: Reduced base model construction methods for stochastic activity networks. IEEE J. Sel. Areas Commun. 9(1), 25–36 (1991). Special issue on Computer-Aided Modeling, Analysis, and Design of Communication Networks

    Article  Google Scholar 

  20. Sanders, W.H., Meyer, J.: A unified approach for specifying measures of performance, dependability, and performability. In: Avizienis, A., Kopetz, H., Laprie, J. (eds.) Dependable Computing for Critical Applications, Dependable Computing and Fault-Tolerant Systems, vol. 4, pp. 215–237. Springer, Vienna (1991). https://doi.org/10.1007/978-3-7091-9123-1_10

    Chapter  Google Scholar 

  21. Straub, D.W., Welke, R.J.: Coping with systems risk: security planning models for management decision making. MIS Q., 441–469 (1998)

    Google Scholar 

  22. Verendel, V.: Quantified security is a weak hypothesis: a critical survey of results and assumptions. In: Proceedings of the 2009 Workshop on New Security Paradigms Workshop, NSPW 2009, pp. 37–50. ACM, New York(2009)

    Google Scholar 

  23. Wagner, N., Lippmann, R., Winterrose, M., Riordan, J., Yu, T., Streilein, W.W.: Agent-based simulation for assessing network security risk due to unauthorized hardware. In: Proceedings of the Symposium on Agent-Directed Simulation, ADS 2015, pp. 18–26. Society for Computer Simulation International, San Diego (2015)

    Google Scholar 

  24. You, X.Z., Shiyong, Z.: A kind of network security behavior model based on game theory. In: Proceedings of the 4th International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2003, pp. 950–954, August 2003. https://doi.org/10.1109/PDCAT.2003.1236458

Download references

Author information

Authors and Affiliations

  1. University of Illinois at Urbana-Champaign, Urbana, IL, USA

    Michael Rausch, Ahmed Fawaz, Ken Keefe & William H. Sanders

Authors
  1. Michael Rausch
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ahmed Fawaz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ken Keefe
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. William H. Sanders
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael Rausch .

Editor information

Editors and Affiliations

  1. Macquarie University , Sydney, New South Wales, Australia

    Annabelle McIver

  2. University of Turin , Turin, Italy

    Andras Horvath

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rausch, M., Fawaz, A., Keefe, K., Sanders, W.H. (2018). Modeling Humans: A General Agent Model for the Evaluation of Security. In: McIver, A., Horvath, A. (eds) Quantitative Evaluation of Systems. QEST 2018. Lecture Notes in Computer Science(), vol 11024. Springer, Cham. https://doi.org/10.1007/978-3-319-99154-2_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-99154-2_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99153-5

  • Online ISBN: 978-3-319-99154-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation