Tristan Caulfield, David Pym and Julian Williams

Abstract

Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures the managers’ policies and the behavioural choices of agents operating within the system. Models are executable, so allowing systematic experimental exploration of the system-policy co-design space, and compositional, so managing the complexity of large-scale systems.

Date: June 22-27, 2014

Presented: 2nd International Conference on Human Aspects of Information Security, Privacy and Trust, HCI International 2014, Heraklion, June 2014 (Foundations, Tools, and New Concepts in Trusted Computing track).

Published: Lecture Notes in Computer Science Volume 8533, 2014, pp 233-245

Publisher: Springer

ISBN: 9783319076195

Publisher URL: http://link.springer.com/chapter/10.1007%2F978-3-319-07620-1_21

Full Text: http://link.springer.com/content/pdf/10.1007%2F978-3-319-07620-1_21.pdf

DOI: http://dx.doi.org/10.1007/978-3-319-07620-1_21