Modeling and Simulation in Security Evaluation

Digital computers' earliest applications evaluated models of physical systems to predict their behavior under controlled conditions. To do this, they used simulation, computing changes to the models' state variables as a function of time. Since then, simulation has become fundamental to computer science. Developments in security have their roots elsewhere, but points of contact are increasing between security and simulation, particularly in several security evaluation areas, including: 1) impact assessment for determining how security measures affect system and application performance; 2) emulation, in which real and virtual worlds are combined to study the interaction between malware and systems, and probe for new system weaknesses; 3) cyberattack exercises and training scenarios; and 4) risk assessment based on known vulnerabilities, exploits, attack capabilities, and system configuration.

[1]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[2]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[3]  David M. Nicol,et al.  Fast model-based penetration testing , 2004, Proceedings of the 2004 Winter Simulation Conference, 2004..

[4]  Rodolphe Ortalo,et al.  Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..

[5]  David M. Nicol,et al.  Simulating realistic network worm traffic for worm warning system design and testing , 2003, WORM '03.

[6]  Duminda Wijesekera,et al.  Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[7]  Sean W. Smith,et al.  Evaluation of efficient security for BGP route announcements using parallel simulation , 2004, Simul. Model. Pract. Theory.

[8]  Marie Cottrell,et al.  Large deviations and rare events in the study of stochastic algorithms , 1983 .

[9]  George Bakos,et al.  Early detection of Internet worm activity by metering ICMP destination unreachable messages , 2002, SPIE Defense + Commercial Sensing.

[10]  Sean W. Smith,et al.  Aggregated path authentication for efficient BGP security , 2005, CCS '05.

[11]  David M. Nicol,et al.  RINSE: the real-time immersive network simulation environment for network security exercises , 2005, Workshop on Principles of Advanced and Distributed Simulation (PADS'05).

[12]  David M. Nicol,et al.  Simulation of cyber attacks with applications in homeland defense training , 2003, SPIE Defense + Commercial Sensing.

[13]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[14]  Bharat B. Madan,et al.  Modeling and quantification of security attributes of software systems , 2002, Proceedings International Conference on Dependable Systems and Networks.