Complexity-Based Information Assurance

Unless vulnerabilities can be identified and measured, the information assurance of a system can never be properly designed or guaranteed. Results from a study on complexity evolving within an information system using Mathematica, Swarm, and a new Java complexity probe toolkit are presented in this paper. An underlying definition of information security is hypothesized based upon the attacker and defender as reasoning entities, capable of learning to outwit one another. This leads to a study of the evolution of complexity in an information system and the effects of the environment upon the evolution of information complexity. Understanding the evolution of complexity in a system enables a better understanding of how to measure and quantify the vulnerability of a system. Finally, the design of the Java complexity probe toolkit under construction for automated measurement of information assurance is presented.