Andrey Chechulin

The paper proposes a framework for attack modeling and security evaluation in Security Information and Event Management (SIEM) systems. It is assumed that the common approach to attack modeling and security evaluation is based on modeling a malefactor's behavior, generating a common attack graph, calculating different security metrics and providing risk…
The development of systems based on embedded components is a challenging task because of their distributed, reactive and real-time nature. From a security point of view, embedded devices are basically systems owned by a certain entity, used frequently as part of systems owned by other entities and operated in a potentially hostile environment. The…
Analysis of security risks and calculation of security metrics is an important task for Security Information and Events Management (SIEM) systems. It makes it possible to recognize the current security situation and the necessary countermeasures. The paper considers a technique for calculating security metrics on the basis of attack graphs and service dependencies. The…
From an information security point of view, embedded devices are elements of complex systems operating in a potentially hostile environment. Therefore, the development of embedded devices is a complex task that often requires expert solutions. The complexity of developing secure embedded devices is caused by various types of threats and attacks that…
Security evaluation systems usually use various information sources to estimate computer network security. One of the important tasks in these systems is the integration and storage of information from various sources. The paper is devoted to the investigation and development of models and methods for integrating open security databases into one repository. The model…
The paper considers an approach to computer attack modeling and security evaluation that is proposed for implementation in advanced Security Information and Event Management (SIEM) systems. It is based on modeling malefactors' behavior, building a common attack graph, processing current alerts for real-time adjustment of particular attack graphs, calculating…