Evolving Secure Information Systems through Attack Simulation

Elmar Kiesling; Andreas Ekelhart; Bernhard Grill; Christian Stummer; Christine Strauss

doi:10.1109/HICSS.2014.597

Evolving Secure Information Systems through Attack Simulation

Elmar Kiesling
, Andreas Ekelhart
, Bernhard Grill
, Christian Stummer
, Christine Strauss

Publication: Chapter in book/Conference proceeding › Contribution to conference proceedings

Abstract

In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization. Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example.

Original language	English
Title of host publication	Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014
Subtitle of host publication	6–9 January 2014, Waikoloa, Hawaii
Editors	Ralph H. Sprague, Jr.
Place of Publication	Danvers, MA
Publisher	IEEE Press
Pages	4868-4877
Number of pages	10
ISBN (Print)	9781479925049
DOIs	https://doi.org/10.1109/HICSS.2014.597
Publication status	Published - Jan 2014
Externally published	Yes
Event	47th Hawaii International Conference on System Sciences, HICSS 2014 - Waikoloa, HI, United States Duration: 6 Jan 2014 → 9 Jan 2014

Publication series

Series	Proceedings of the Annual Hawaii International Conference on System Sciences
ISSN	1530-1605

Conference

Conference	47th Hawaii International Conference on System Sciences, HICSS 2014
Country/Territory	United States
City	Waikoloa, HI
Period	6/01/14 → 9/01/14

Access to Document

10.1109/HICSS.2014.597Licence: Unspecified

Cite this

Kiesling, E., Ekelhart, A., Grill, B., Stummer, C., & Strauss, C. (2014). Evolving Secure Information Systems through Attack Simulation. In R. H. Sprague, Jr. (Ed.), Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014: 6–9 January 2014, Waikoloa, Hawaii (pp. 4868-4877). Article 6759200 IEEE Press. https://doi.org/10.1109/HICSS.2014.597

Kiesling, Elmar ; Ekelhart, Andreas ; Grill, Bernhard et al. / Evolving Secure Information Systems through Attack Simulation. Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014: 6–9 January 2014, Waikoloa, Hawaii. editor / Ralph H. Sprague, Jr. Danvers, MA : IEEE Press, 2014. pp. 4868-4877 (Proceedings of the Annual Hawaii International Conference on System Sciences).

@inproceedings{b6c66cdb1bbd4439aaab1ae110c9af00,

title = "Evolving Secure Information Systems through Attack Simulation",

abstract = "In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization. Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example.",

author = "Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christian Stummer and Christine Strauss",

year = "2014",

month = jan,

doi = "10.1109/HICSS.2014.597",

language = "English",

isbn = "9781479925049",

series = "Proceedings of the Annual Hawaii International Conference on System Sciences",

publisher = "IEEE Press",

pages = "4868--4877",

editor = "\{Sprague, Jr.\}, \{Ralph H.\}",

booktitle = "Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014",

note = "47th Hawaii International Conference on System Sciences, HICSS 2014 ; Conference date: 06-01-2014 Through 09-01-2014",

}

Kiesling, E, Ekelhart, A, Grill, B, Stummer, C & Strauss, C 2014, Evolving Secure Information Systems through Attack Simulation. in RH Sprague, Jr. (ed.), Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014: 6–9 January 2014, Waikoloa, Hawaii., 6759200, IEEE Press, Danvers, MA, Proceedings of the Annual Hawaii International Conference on System Sciences, pp. 4868-4877, 47th Hawaii International Conference on System Sciences, HICSS 2014, Waikoloa, HI, United States, 6/01/14. https://doi.org/10.1109/HICSS.2014.597

Evolving Secure Information Systems through Attack Simulation. / Kiesling, Elmar; Ekelhart, Andreas; Grill, Bernhard et al.
Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014: 6–9 January 2014, Waikoloa, Hawaii. ed. / Ralph H. Sprague, Jr. Danvers, MA: IEEE Press, 2014. p. 4868-4877 6759200 (Proceedings of the Annual Hawaii International Conference on System Sciences).

Publication: Chapter in book/Conference proceeding › Contribution to conference proceedings

TY - GEN

T1 - Evolving Secure Information Systems through Attack Simulation

AU - Kiesling, Elmar

AU - Ekelhart, Andreas

AU - Grill, Bernhard

AU - Stummer, Christian

AU - Strauss, Christine

PY - 2014/1

Y1 - 2014/1

N2 - In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization. Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example.

AB - In this paper, we introduce a simulation-based, evolutionary approach for analyzing and improving the security of complex information systems. Rather than following a purely technical approach, we bring in a social and behavioral perspective through a combination of conceptual security knowledge modeling, behavioral modeling of threat agents, simulation of attacks, and evolutionary optimization. Based on results from numerous attack simulations for various internal and external attackers, metrics such as impact on confidentiality, availability, and integrity of the simulated attacks are monitored and efficient sets of security controls with respect to multiple risk, cost and benefit objectives are determined. We describe the developed approach as well as a prototypical implementation and demonstrate its applicability by means of an illustrative example.

UR - https://www.scopus.com/pages/publications/84902288027

U2 - 10.1109/HICSS.2014.597

DO - 10.1109/HICSS.2014.597

M3 - Contribution to conference proceedings

SN - 9781479925049

T3 - Proceedings of the Annual Hawaii International Conference on System Sciences

SP - 4868

EP - 4877

BT - Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014

A2 - Sprague, Jr., Ralph H.

PB - IEEE Press

CY - Danvers, MA

T2 - 47th Hawaii International Conference on System Sciences, HICSS 2014

Y2 - 6 January 2014 through 9 January 2014

ER -

Kiesling E, Ekelhart A, Grill B, Stummer C, Strauss C. Evolving Secure Information Systems through Attack Simulation. In Sprague, Jr. RH, editor, Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014: 6–9 January 2014, Waikoloa, Hawaii. Danvers, MA: IEEE Press. 2014. p. 4868-4877. 6759200. (Proceedings of the Annual Hawaii International Conference on System Sciences). doi: 10.1109/HICSS.2014.597

Evolving Secure Information Systems through Attack Simulation

Abstract

Publication series

Conference

Access to Document

Other files and links

Cite this