1.
Jonsson, Erland, 1946, et al.
(författare)
A quantitative model of the security intrusion process based on attacker behavior
1997
Ingår i: IEEE Transactions on Software Engineering. - : Institute of Electrical and Electronics Engineers (IEEE). - 0098-5589 .- 1939-3520. ; 23:4, s. 235-245
Tidskriftsartikel (refereegranskat) abstract
This paper is based on a conceptual framework in which security can be split into two generic types of characteristics, behavioral and preventive. Here, preventive security denotes the system's ability to protect itself from external attacks. One way to describe the preventive security of a system is in terms of its interaction with the alleged attacker, i.e., by describing the intrusion process. To our knowledge, very little is done to model this process in quantitative terms. Therefore, based on empirical data collected from intrusion experiments, we have worked out a hypothesis on typical attacker behavior. The hypothesis suggests that the attacking process can be split into three phases: the learning phase, the standard attack phase, and the innovative attack phase. The probability for successful attacks during the learning and innovative phases is expected to be small, although for different reasons. During the standard attack phase it is expected to be considerably higher. The collected data indicates that the breaches during the standard attack phase are statistically equivalent and that the times between breaches are exponentially distributed. This would actually imply that traditional methods for reliability modeling could be applicable.
2.
Jonsson, Erland, 1946, et al.
(författare)
Security intrusion process: an empirical model
1997
Ingår i: IEEE Aerospace and Electronic Systems Magazine. - : Institute of Electrical and Electronics Engineers (IEEE). - 0885-8985. ; 12:4, s. 7-17
Tidskriftsartikel (refereegranskat) abstract
This paper describes a security model developed from empirical data collected from a realistic intrusion experiment in which a number of undergraduate students were invited to attack a distributed computer system. Relevant data, with respect to their intrusion activities, were recorded continuously. We have worked out a hypothesis on typical attacker behavior based on experiences from this and other similar experiments. The hypothesis suggests that the attacking process can be split into three phases: the learningphase, the standard attack phase and the innovative attack phase. The probability for successful attacks during the learning phase is expected to be small and, if a breach occurs, it is rather a result of pure luck than deliberate action. During the standard attack phase, this probability is considerably higher, whereas it decreases again in the innovative attack phase. The collected data indicates that the breaches during the standard attack phase are statistically equivalent. Furthermore, the times between breaches seem to be exponentially distributed, which means that traditional methods for reliability modelling of component failures may be applicable.
3.
4.
Palme, Jacob, et al.
(författare)
Issues when designing filters in messaging systems
1996
Ingår i: Computer Communications. - : Elsevier BV. - 0140-3664 .- 1873-703X. ; 19:2, s. 95-101
Tidskriftsartikel (refereegranskat) abstract
The increasing size of messaging communities increases the risk of information overload, especially when group communication tools like mailing lists or asynchronous conferencing systems (like Usenet News) are used. Future messaging systems will require more capable filters to aid users in the selection of what to read. The increasing use of networks by non-computer professionals requires filters that are easier to use and manage than most filtering software today. Filters might use evaluations of messages made by certain users as an aid to filtering these messages for other users.
5.
6.
Eriksson, Patric Tony
(författare)
Enhancements in virtual robotics : Through simulation of sensors, events and 6pre-emptive' learning
1996
Doktorsavhandling (övrigt vetenskapligt/konstnärligt) abstract
Virtual robotics can be used to dramatically improve the capabilities and performance of industrial robotic systems. Virtual robotics encapsulates graphical off-line programming systems and Computer Aided Robotics (CAR). However current virtual robotic tools suffer from a number of major limitations which severely restrict the ways in which they can be deployed and the performance advantages they offer to the industrial user. The research study focuses on simulation of sensors, programming of event based robotic systerns and demonstrates how intelligent robots can be trained adaptive behaviours in virtual environments. Contemporary graphical programming systems for robots can only be used to program limited sections of a robot program, since i) they do not support methods for the simulation of sensors and event detection; ii) they normally use a post-processor to translate programs from a general language to a controller specific language; iii) conternporary robots can not easily adapt to changes in their environments; and iv) robot programs created off-line must be calibrated to adjust to differences between the virtual and real robotic workcells.The thesis introduces a generic sensor model which can be used to model a variety of sensor types. This model allows virtual sensors to work as independent devices. It is demonstrated that using simulated sensors, event-based robot programs can be created and debugged entirely off-line. Off-line programming of event-based robotic systems demands methods for realistic handling of the communication between independent devices and process. The system must also possess the ability to manage and store information describing status and events in the environment. A blackboard architecture has been used in this research study to store environmental conditions and manage inter-process communication.Self-learning robots is a possible strategy to allow robots to adapt to environmental changes and to learn from their experience. If suitable learning regimes are developed robots can learn to detect changes between virtual and real environments thus minimising the need for calibration. Most learning is based on experience and this requires experimental data to be fed to the learning system. This thesis demonstrates that robot controllers using artificial neural networks for knowledge acquisition and storage can be 'pre-emptively learnt' in virtual robotic environments using virtual robots and simulated sensors. The controllers are able to generalise from the information acquired by the virtual sensors operating in the virtual environment. Arguably the biggest obstacle to the use of self learning robotic systems in real applications has been the need to train the 'real robots' extensively in the 'real environment'. 'Pre-emptive learning' removes this problem. Furthermore, it is therefore possible to develop and evaluate new learning regimes using virtual robotic systems. This approach provides an opportunity to create a variety of environments and conditions which would be impractical to create in a real environment (due to constraints of time, cost and availability).
7.
Gustafson, Ulf, et al.
(författare)
On the modelling of preventive security based on a PC network intrusion experiment
1996
Ingår i: ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy. - 3540619917 ; 1172, s. 242-252
Konferensbidrag (refereegranskat) abstract
This paper describes a realistic intrusion experiment intended to investigate whether such experiments can yield data suitable for use in quantitative modelling of preventive security, which denotes the system's ability to protect itself from external intrusions. The target system was a network of Personal Computer clients connected to a server. A number of undergraduate students served as attackers and continuously reported relevant data with respect to their intrusion activities. This paper briefly describes the experiment and presents a compilation of all the types of data recorded. A first interpretation and classification of the data are made, and its possible use for modelling purposes is discussed. Summaries of breach parameters and a number of informtive diagrams and tables reflecting the intrusion process are presented.
8.
9.
Lindqvist, Ulf, 1970, et al.
(författare)
An analysis of a secure system based on trusted components
1996
Ingår i: IEEE Proceedings of the Eleventh Annual Conference on Computer Assurance, COMPASS '96. ; , s. 213-223
Konferensbidrag (refereegranskat) abstract
The paper presents a practical security analysis of a beta implementation of a commercial system based on existing trusted hardware components, such as advanced cryptographic building blocks. The system was designed to securely store and handle both sensitive and insensitive data records on individuals in such a way that it would be impossible for unauthorized parties to link sensitive records to the corresponding individuals. The analysis was performed by means of document reviews, interviews and some practical tests with the intention of finding and listing potential vulnerabilities for the knowledge of the design team. The vulnerabilities revealed are classified with respect to their cause, and possible remedies are discussed. The classification shows that the most important problem was that some system components were incorrectly handled as trusted. Finally, we observed that the problems were to a surprisingly high degree non technical, reflecting organisational and management issues and human insufficiencies.
10.
Olovsson, Tomas, 1959, et al.
(författare)
Towards operational measures of computer security: Experimentation and modelling
1995
Ingår i: Predictably Secure Computing Systems. - 3540593349 ; , s. 555-572
Bokkapitel (övrigt vetenskapligt/konstnärligt) abstract
The two experiments described here were intended to investigate the empirical issues that arise from the probabilistic view of security assessment discussed in the previous paper. Specifically, they investigated the problems of measureing effort and reward associated with security attacks and breaches.
