Reliable and Efficient Determination of the Likelihood of Rational Attacks

Aleksandr Lenin

Research output: ThesisPhD Thesis - Research external, graduation externalAcademic

6 Downloads (Pure)

Abstract

We live in the world in which the society is highly dependent on advanced diverse IT infrastructures which people use for performing daily activities and improving quality of life, private sector enterprises use it to provide services and operate, while governments rely on it to provide public services and ensure the welfare of the citizens. Such big and complex infrastructures are not vulnerability-free. Increasing numbers of IT security incidents all over the world have drawn attention to risk analysis methods capable of deciding whether the considered organization or infrastructure is sufficiently protected against relevant threats. The security controls are often costly and each security investment must be reasonable and properly justified. The security professionals have to justify the need for a security investment to their management and to explain them what are the benefits and what will an organization get for the money invested into security. There are no reliable and effective methods to assess whether the considered enterprise or infrastructure is secure or not – the existing computational methods are too complex to be a realistic candidate for practical use, while some of the existing methodologies place unnatural restrictions on the adversary and thus making the analysis results unreliable as they are capable of producing false-positive results. The objectives of the research are: • to improve the existing quantitative risk analysis models • to create new computational methods which would not produce false-positive results – e.g. when the result of the computational method shows that the model is secure w.r.t. the definition of security, while in reality it is not • to create robust computational methods capable of analyzing attack scenarios of practical size in reasonable time • to create tools supporting the developed analysis methods
Original languageEnglish
Awarding Institution
  • Tallinn University of Technology
Supervisors/Advisors
  • Buldas, Ahto, Supervisor
Award date21 Dec 2015
Place of PublicationTallinn, Estonia
Publisher
Print ISBNs978-9949-23-870-5
Electronic ISBNs978-9949-23-871-2
Publication statusPublished - 21 Dec 2015

Fingerprint

Computational methods
Risk analysis
Industry

Cite this

Lenin, Aleksandr. / Reliable and Efficient Determination of the Likelihood of Rational Attacks. Tallinn, Estonia : TUT Press, 2015. 243 p.
@phdthesis{94a4d34bedc94191af2d73ae57a13349,
title = "Reliable and Efficient Determination of the Likelihood of Rational Attacks",
abstract = "We live in the world in which the society is highly dependent on advanced diverse IT infrastructures which people use for performing daily activities and improving quality of life, private sector enterprises use it to provide services and operate, while governments rely on it to provide public services and ensure the welfare of the citizens. Such big and complex infrastructures are not vulnerability-free. Increasing numbers of IT security incidents all over the world have drawn attention to risk analysis methods capable of deciding whether the considered organization or infrastructure is sufficiently protected against relevant threats. The security controls are often costly and each security investment must be reasonable and properly justified. The security professionals have to justify the need for a security investment to their management and to explain them what are the benefits and what will an organization get for the money invested into security. There are no reliable and effective methods to assess whether the considered enterprise or infrastructure is secure or not – the existing computational methods are too complex to be a realistic candidate for practical use, while some of the existing methodologies place unnatural restrictions on the adversary and thus making the analysis results unreliable as they are capable of producing false-positive results. The objectives of the research are: • to improve the existing quantitative risk analysis models • to create new computational methods which would not produce false-positive results – e.g. when the result of the computational method shows that the model is secure w.r.t. the definition of security, while in reality it is not • to create robust computational methods capable of analyzing attack scenarios of practical size in reasonable time • to create tools supporting the developed analysis methods",
author = "Aleksandr Lenin",
note = "Foreground = 100{\%}; Type of activity = thesis; Main leader = CYB; Type of audience = scientific community; Size of audience = n.a.; Countries addressed = international;",
year = "2015",
month = "12",
day = "21",
language = "English",
isbn = "978-9949-23-870-5",
publisher = "TUT Press",
school = "Tallinn University of Technology",

}

Lenin, A 2015, 'Reliable and Efficient Determination of the Likelihood of Rational Attacks', Tallinn University of Technology, Tallinn, Estonia.

Reliable and Efficient Determination of the Likelihood of Rational Attacks. / Lenin, Aleksandr.

Tallinn, Estonia : TUT Press, 2015. 243 p.

Research output: ThesisPhD Thesis - Research external, graduation externalAcademic

TY - THES

T1 - Reliable and Efficient Determination of the Likelihood of Rational Attacks

AU - Lenin, Aleksandr

N1 - Foreground = 100%; Type of activity = thesis; Main leader = CYB; Type of audience = scientific community; Size of audience = n.a.; Countries addressed = international;

PY - 2015/12/21

Y1 - 2015/12/21

N2 - We live in the world in which the society is highly dependent on advanced diverse IT infrastructures which people use for performing daily activities and improving quality of life, private sector enterprises use it to provide services and operate, while governments rely on it to provide public services and ensure the welfare of the citizens. Such big and complex infrastructures are not vulnerability-free. Increasing numbers of IT security incidents all over the world have drawn attention to risk analysis methods capable of deciding whether the considered organization or infrastructure is sufficiently protected against relevant threats. The security controls are often costly and each security investment must be reasonable and properly justified. The security professionals have to justify the need for a security investment to their management and to explain them what are the benefits and what will an organization get for the money invested into security. There are no reliable and effective methods to assess whether the considered enterprise or infrastructure is secure or not – the existing computational methods are too complex to be a realistic candidate for practical use, while some of the existing methodologies place unnatural restrictions on the adversary and thus making the analysis results unreliable as they are capable of producing false-positive results. The objectives of the research are: • to improve the existing quantitative risk analysis models • to create new computational methods which would not produce false-positive results – e.g. when the result of the computational method shows that the model is secure w.r.t. the definition of security, while in reality it is not • to create robust computational methods capable of analyzing attack scenarios of practical size in reasonable time • to create tools supporting the developed analysis methods

AB - We live in the world in which the society is highly dependent on advanced diverse IT infrastructures which people use for performing daily activities and improving quality of life, private sector enterprises use it to provide services and operate, while governments rely on it to provide public services and ensure the welfare of the citizens. Such big and complex infrastructures are not vulnerability-free. Increasing numbers of IT security incidents all over the world have drawn attention to risk analysis methods capable of deciding whether the considered organization or infrastructure is sufficiently protected against relevant threats. The security controls are often costly and each security investment must be reasonable and properly justified. The security professionals have to justify the need for a security investment to their management and to explain them what are the benefits and what will an organization get for the money invested into security. There are no reliable and effective methods to assess whether the considered enterprise or infrastructure is secure or not – the existing computational methods are too complex to be a realistic candidate for practical use, while some of the existing methodologies place unnatural restrictions on the adversary and thus making the analysis results unreliable as they are capable of producing false-positive results. The objectives of the research are: • to improve the existing quantitative risk analysis models • to create new computational methods which would not produce false-positive results – e.g. when the result of the computational method shows that the model is secure w.r.t. the definition of security, while in reality it is not • to create robust computational methods capable of analyzing attack scenarios of practical size in reasonable time • to create tools supporting the developed analysis methods

M3 - PhD Thesis - Research external, graduation external

SN - 978-9949-23-870-5

PB - TUT Press

CY - Tallinn, Estonia

ER -

Lenin A. Reliable and Efficient Determination of the Likelihood of Rational Attacks. Tallinn, Estonia: TUT Press, 2015. 243 p.