Learn More
This paper presents a methodology for enumerating the vulnerabilities of a system, and determining what countermeasures can best close those vulnerabilities. We first describe how to characterize possible adversaries in terms of their resources, access, and risk tolerance, then we show how to map vulnerabilities to the system throughout its life cycle, and(More)
today? If there is still a need, how might we address it? To define multilevel security, we must first define security, which is " the combination of confidentiality (the prevention of the unauthorized disclosure of information), integrity (the prevention of the unauthorized amendment or deletion of information), and availability (the prevention of the(More)
There are significant advantages to utilizing game theory in the domain of information warfare. The algorithms sculpted to create programs capable of beating some of the best humans in the world in games such as chess and backgammon provide the ability to analyze millions of possibilities, model opponent characteristics, and self-generate what-if scenarios.(More)
Protection of cyber assets is critical in today's corporate and military environment. Whether an attacker is a casual hacker or an organized terrorist group, it is crucial to be able to keep your system functional and secure. Game theory offers an array of promising techniques for aiding tactical analysis in this domain. In this paper, we identify the areas(More)
It has been nearly three decades since the National Computer Security Center's Logical Coprocessing Kernel (LOCK) program originated in a program called the Provably Secure Operating Systems. LOCK was the last of the highly trustworthy operating system research projects. The original paper, on which this is based [22], captures the essence of the goals and(More)
Why measuring security? To make good decisions about how to design security countermeasures, to choose between alternative security architectures, and to improve security during design and operations. This panel brings together a number security experts to relate their perspectives on what makes a good security metric, how risk analysis, one of the most(More)