Caulfield, T. and Pym, D. and Williams, J. (2014) 'Compositional security modelling : structure, economics, and behaviour.', in Human aspects of information security, privacy, and trust : 2nd International Conference, HAS 2014, Held as part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014 : proceedings. Heidelberg: Springer, pp. 233-245. Lecture notes in computer science., 8533 (8533).
Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures the managers’ policies and the behavioural choices of agents operating within the system. Models are executable, so allowing systematic experimental exploration of the system-policy co-design space, and compositional, so managing the complexity of large-scale systems.
|Item Type:||Book chapter|
|Full text:||(AM) Accepted Manuscript|
Download PDF (403Kb)
|Publisher Web site:||http://dx.doi.org/10.1007/978-3-319-07620-1_21|
|Publisher statement:||The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-07620-1_21|
|Record Created:||07 Jul 2015 17:20|
|Last Modified:||06 Aug 2015 16:11|
|Social bookmarking:||Export: EndNote, Zotero | BibTex|
|Look up in GoogleScholar | Find in a UK Library|