{"title":"Risk-based model for tracking complexity in system vulnerability analysis","authors":"P. Sarda, J. Lambert","doi":"10.1109/SIEDS.2004.239817","DOIUrl":null,"url":null,"abstract":"We describe a method for tracking model complexity in system vulnerability analysis. The method builds on the collection of risk scenarios describing known vulnerabilities of systems and system components. We introduce the concept of an interaction as a mapping between a risk scenario and one or more system components. An interaction is direct when the mapping is obvious. An interaction is indirect when the mapping can make use of nonobvious relationships among system components. Indirect interactions characterize the rippling effects of a risk scenario and are used to identify the nonobvious interdependencies. With the above foundation, the method extends traditional process control charts to track evolving knowledge of scenarios and systems. The charts signal the emergence of anomalous variation in emerging knowledge of system vulnerability. The method is applied iteratively to avoid situations of surprise in an emerging model (scenarios and systems) of system vulnerability. An application of the method is discussed","PeriodicalId":287496,"journal":{"name":"Proceedings of the 2004 IEEE Systems and Information Engineering Design Symposium, 2004.","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2004 IEEE Systems and Information Engineering Design Symposium, 2004.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIEDS.2004.239817","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
We describe a method for tracking model complexity in system vulnerability analysis. The method builds on the collection of risk scenarios describing known vulnerabilities of systems and system components. We introduce the concept of an interaction as a mapping between a risk scenario and one or more system components. An interaction is direct when the mapping is obvious. An interaction is indirect when the mapping can make use of nonobvious relationships among system components. Indirect interactions characterize the rippling effects of a risk scenario and are used to identify the nonobvious interdependencies. With the above foundation, the method extends traditional process control charts to track evolving knowledge of scenarios and systems. The charts signal the emergence of anomalous variation in emerging knowledge of system vulnerability. The method is applied iteratively to avoid situations of surprise in an emerging model (scenarios and systems) of system vulnerability. An application of the method is discussed
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
