• DocumentCode
    1442191
  • Title

    Security Modeling and Analysis

  • Author

    Bau, Jason ; Mitchell, John C.

  • Author_Institution
    Comput. Security Lab., Stanford Univ., Stanford, CA, USA
  • Volume
    9
  • Issue
    3
  • fYear
    2011
  • Firstpage
    18
  • Lastpage
    25
  • Abstract
    Security modeling centers on identifying system behavior, including any security defenses; the system adversary´s power; and the properties that constitute system security. Once a security model is clearly defined, security analysis evaluates whether the adversary, interacting with the system, can defeat the desired security properties. Although the authors illustrate security analysis using model checking, analysts can use various methods and tools to evaluate system security, including manual and automated theorem-proving tools that provide assurance about the absence of attacks in a specified threat model. This article describes a uniform approach for evaluating system security and illustrates the approach by summarizing three case studies. Security modeling and analysis also provides a basis for comparative evaluation and some forms of security metrics.
  • Keywords
    formal verification; security of data; model checking; security analysis; security defenses; security metrics; security modeling; system behavior; theorem-proving tools; Adaptation model; Analytical models; Computational modeling; Computer security; Electronic mail; Privacy; Protocols; Security; Security modeling; formal methods; model checking; security analysis;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2011.2
  • Filename
    5708126
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1442191