On the quantitative assessment of behavioural security

  • Session 7: Security Models and Intrusion Detection
  • Conference paper
Information Security and Privacy (ACISP 1996)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1172)

Abstract

This paper is based on a conceptual framework in which security can be split into two generic types of characteristics, behavioural and preventive. We show that, among the traditional security aspects, availability and confidentiality should be used to denote behavioural security. The third aspect, integrity, is interpreted in terms of fault prevention and is regarded as a preventive characteristic. A practical measure for behavioural characteristics, including reliability and safety, is defined. We show how the measure could be derived using traditional reliability methods, such as Markov modelling. The measure is meant for practical trade-offs within a class of computer systems. It quantifies system performance on user-specified service levels, which may be operational or failed. Certain levels may be related to confidentiality degradations or confidentiality failures. A simple example based on a Reference Monitor is given. Failures resulting from security breaches are normally not exponentially distributed. The calculation method must therefore be extended to handle situations with non-exponential failure rates. This is done by means of phase-type modelling, illustrated by introducing malicious software, such as a Trojan Horse, into the Reference Monitor.

Editor information

Josef Pieprzyk, Jennifer Seberry

Copyright information

© 1996 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jonsson, E., Andersson, M. (1996). On the quantitative assessment of behavioural security. In: Pieprzyk, J., Seberry, J. (eds) Information Security and Privacy. ACISP 1996. Lecture Notes in Computer Science, vol 1172. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0023302

  • DOI: https://doi.org/10.1007/BFb0023302

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-61991-8

  • Online ISBN: 978-3-540-49583-3

  • eBook Packages: Springer Book Archive
