Survivality Modeling for Quantitative Security Assessment in Ubiquitous Computing Systems*
Ubiquitous computing is about networked processors, which is constructed not only with one computer but with networks of computers. Security solutions usually lack a clear definition of survivality. Thus, this paper deals with a method of quantitatively assessing the system security based on the survivality. Since a logical step towards modeling survivality is to have a set of requirements first, attack-type modeling is constructed firstly. As the case study, we analyze the TCP-SYN attack and Code-Red worm attack according to both the attack-type model and survivality model.
KeywordsUbiquitous Computing Connection Request Security Solution Network Processor Information Security Management
Unable to display preview. Download preview PDF.
- 2.Cohen, F.: Simulating Cyber Attacks, Defenses, and Consequences. Fred Cohen & Associates (1999) Google Scholar
- 3.Gupta, M., Chaturvedi, A., Mehta, S.: The Experimental Analysis of Information Security Management Issues for Online Financial Services. In: Proceedings of the 21th ACM International Conference on Information Systems, pp. 667–675 (2000)Google Scholar
- 4.Littlewood, B., et al.: Towards operational measures of computer security. Journal of Computer Security, 211–229 (1993)Google Scholar
- 6.Madan, B., Gŏseva-Popstojanova, K., Vaidyanathan K., and Trivedi, K.: Modeling and Quantification of Security Attributes of Software Systems. In: Proceedings of the International Conference on Dependable Systems and Networks, pp 505-514 (2002) Google Scholar
- 7.Mirkovic, J., Prier, G., Reiher, P.: Attacking DDoS at the Source. In: Proceedings of the 10th IEEE International Conference on Network Protocols, pp. 312–321 (2002)Google Scholar
- 8.Hunter, S.W., Smith, W.E.: Code-Red: a Case Study on the Spread and Victims of an Internet Worm. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement Workshop, Analysis and Synthesis, pp. 273–284 (2002)Google Scholar