An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems
This work addresses a long-standing open problem in computer security, offering incremental improvements that could advance practical security analysis for networked systems.
The paper tackles the problem of quantitative security analysis for networked computer systems by weakening strong assumptions in prior work, such as exponential distributions and independence of random variables, and provides both analytical results and practical methods for obtaining security quantities.
Quantitative security analysis of networked computer systems is one of the decades-long open problems in computer security. Recently, a promising approach was proposed in \cite{XuTDSC11}, which however made some strong assumptions including the exponential distribution of, and the independence between, the relevant random variables. In this paper, we substantially weaken these assumptions while offering, in addition to the same types of analytical results as in \cite{XuTDSC11}, methods for obtaining the desired security quantities in practice. Moreover, we investigate the problem from a higher-level abstraction, which also leads to both analytical results and practical methods for obtaining the desired security quantities. These would represent a significant step toward ultimately solving the problem of quantitative security analysis of networked computer systems.