Quantifying trust: data integrity metrics

This paper presents a framework for characterizing the integrity of data in terms of the probability of a successful integrity compromise attack-an attack whose goal is to achieve the unauthorized and undetected modification of the data. The framework is based on an innovative methodology that combines two complementary approaches for assessing this probability. The first approach looks at specific, known attacks, and uses attack trees to analyze their probability of success. This approach provides a lower bound on the probability of a successful integrity compromise attack, for some fixed level of effort on the part of the attacker. It demonstrates that an attack can succeed with a particular probability, but does not rule out the possibility that some other, perhaps previously unknown attack might have a greater probability of success. Our second approach addresses this limitation by applying cryptographic "provable security" results. Such results provide an upper bound on the probability of success for any possible attack (for a fixed utilization of attacker resources). We use this probabilistic framework to develop quantitative measures of integrity within a sample scenario.