File name: A Novel Security Risk Evaluation for Information Systems
File size: 122KB
File format: PDF
Last updated: 2015-02-09 06:20:10
Security Risk Evaluation
Zaobin Gan, Jiufei Tang and Ping Wu
College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, 430074, P.R. China
Email: zhgan@hust.edu.cn

Vijay Varadharajan
Department of Computing, Macquarie University, NSW 2109, Sydney, Australia
Email: vijay@ics.mq.edu.au

Abstract

Quantitative security risk evaluation of information systems is drawing increasing attention. This paper extends the attack tree model and proposes a new quantitative risk evaluation method. Multi-attribute utility theory is adopted to quantify the risk value of each leaf node (atomic attack). Algorithms are presented for each step of the new evaluation method, and a worked example is also carried out. The experimental result shows that the novel method not only makes the evaluation result more reasonable and objective, but also offers a good foundation for the implementation of an automatic evaluation tool.