IT Security Analysis Best Practices and Formal Approaches

  • Daniel Le Métayer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4677)


This tutorial provides an overview of the best industrial practices in IT security analysis followed by a sketch of recent research results in this area, especially results providing formal foundations and more powerful tools for security analysis. The conclusion suggests directions for further work to fill the gaps between formal methods and industrial practices.


Keywords (added by machine and not by the authors): Model Check, Security Analysis, Formal Approach, Successful Attack, Attack Tree





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Daniel Le Métayer: Inria Rhône-Alpes, Grenoble, and Trusted Logic, Versailles, France
