An Attempt to Quantitative Modelling of Behavioural Security

Journal article, 1995

This paper suggests a quantitative approach to security, and specifically to a security-concept, which is regarded as an attribute of dependability together with reliability, availability and safety. We note that security is a more complex attribute of dependability than are the other three, and that it can therefore be split into preventive and behavioural aspects. We show that, in addition to availability, confidentiality could be used to denote a new type of behavioural aspect of dependability. Integrity is interpreted in terms of fault prevention, and is not directly related to system behaviour. A practical measure for behavioural dependability attributes including confidentiality is defined. Due to the dependability viewpoint of security that we take, a measure could be derived using traditional reliability methods, such as Markov modelling. The measure is meant for practical trade-offs within a class of computer systems. The measure quantifies system performance on user-specified service levels, which may be operational or failed. Certain levels may be related to confidentiality degradations or confidentiality failures. A simple Reference Monitor example is given to illustrate the use of the measure. The calculation method is then extended to handle situations with non–exponential failure rates, which is the normal case in security applications, by means of using phase–type modelling. This is illustrated by introducing malicious software, such as a Trojan Horse into the Reference Monitor.