Data Collection for Security Fault Forecasting - Pilot Experiment
Journal article, 1993

In most contexts, it is not feasible to guarantee that a system is 100% secure. Measures and predictions of operational security of computer systems are therefore obviously of interest to any owner of a system which is a candidate for potential intruders. Such measures would allow assessment of current and future expected loss to the system owner due to security breaches in a given attacking environment and a given level of protection. In [Littlewood, Brocklehurst et al. 1991] a probabilistic approach to modelling operational security, analogous to that used in reliability, is suggested. It is clear that empirical data would be useful in deriving a plausible probabilistic approach to security modelling. Such data can be acquired experimentally, by allowing a group of selected people to perform security attacks on a given computer system in a controlled way. The attack process can then be monitored and relevant data recorded. This document describes such an experiment. As far as we are aware, this is the first attempt to conduct such an experiment, and our intention was more to explore general feasibility than to collect data that provides significant information for modelling. This pilot experiment did indeed give some valuable information on how future full-scale experiments of this kind should be performed, and the results and recommendations for improvements to the experimental set-up are discussed here.

experimentation

fault forecasting

data collection

Security

Author

Tomas Olovsson

Department of Computer Engineering

Erland Jonsson

Department of Computer Engineering

Sarah Brocklehurst

Bev Littlewood

Predictably Dependable Computing Systems (PDCS) First Year Report

515-560

Subject Categories (SSIF 2011)

Computer and Information Science

More information

Created

10/7/2017