Probabilistic Reasoning with Graphical Security Models
Quantifying probabilistic aspects of attacks is an important issue in security analysis. Decisions on which defense mechanisms or countermeasures should be implemented are based on the probability of attacks. Furthermore, probabilities play an important role in the evaluation of risk-related measures that combine the frequency or the probability of an attack with its impact or costs.
The work presented in this talk addresses the growing need of performing meaningful probabilistic analysis of security. We will first identify practical challenges in the domain and formulate the corresponding research questions. Then, we will present a framework that integrates the graphical security modeling technique of attack-defense trees with probabilistic information expressed in terms of Bayesian networks. We will discuss the algebraic theory underlying our framework and show how to improve the efficiency of probabilistic computations.
Thème(s) : Conférences Recherche