Tristan Caulfield, David Pym and Julian Williams
Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures the managers’ policies and the behavioural choices of agents operating within the system. Models are executable, so allowing systematic experimental exploration of the system-policy co-design space, and compositional, so managing the complexity of large-scale systems.
Date: June 22-27, 2014
Presented: 2nd International Conference on Human Aspects of Information Security, Privacy and Trust, HCI International 2014, Heraklion, June 2014 (Foundations, Tools, and New Concepts in Trusted Computing track).
Published: Lecture Notes in Computer Science Volume 8533, 2014, pp 233-245
Publisher URL: http://link.springer.com/chapter/10.1007%2F978-3-319-07620-1_21
Full Text: http://link.springer.com/content/pdf/10.1007%2F978-3-319-07620-1_21.pdf