This work discusses an approach to estimate the likelihood of occurrence and evolution in time of software security issues. First, software vulnerability assessment is revised under the light of recent studies. Then, guidelines are proposed that allow for (formal) modelling stochastic aspects of cybersecurity-relevant scenarios. This opens a connection to the field of formal methods, where automated tools like statistical model checkers can estimate the value of property queries characterising such scenarios. But exploitable vulnerabilities and attacks in cybersecurity are rare events, which calls for specialised tools. In view of this, the work finalises presenting FIG, a statistical model checker specialised on rare event simulation. FIG, an open source software tool freely available at https://git.cs.famaf.unc.edu.ar/dsg/fig, can be used to estimate the probability of an attack within the next release cycle.

Using Statistical Model Checking for Cybersecurity Analysis / Budde, Carlos E.. - ELETTRONICO. - 1807:(2023), pp. 16-32. (Intervento presentato al convegno 1st International Workshop on Digital Sovereignty in Cyber Security: New Challenges in Future Vision, CyberSec4Europe 2022 tenutosi a Venice, Italy nel 17-21 April 2022) [10.1007/978-3-031-36096-1_2].

Using Statistical Model Checking for Cybersecurity Analysis

Budde, Carlos E.
2023-01-01

Abstract

This work discusses an approach to estimate the likelihood of occurrence and evolution in time of software security issues. First, software vulnerability assessment is revised under the light of recent studies. Then, guidelines are proposed that allow for (formal) modelling stochastic aspects of cybersecurity-relevant scenarios. This opens a connection to the field of formal methods, where automated tools like statistical model checkers can estimate the value of property queries characterising such scenarios. But exploitable vulnerabilities and attacks in cybersecurity are rare events, which calls for specialised tools. In view of this, the work finalises presenting FIG, a statistical model checker specialised on rare event simulation. FIG, an open source software tool freely available at https://git.cs.famaf.unc.edu.ar/dsg/fig, can be used to estimate the probability of an attack within the next release cycle.
2023
Digital Sovereignty in Cyber Security: New Challenges in Future Vision
Cham
Springer Science and Business Media Deutschland GmbH
978-3-031-36095-4
978-3-031-36096-1
Budde, Carlos E.
Using Statistical Model Checking for Cybersecurity Analysis / Budde, Carlos E.. - ELETTRONICO. - 1807:(2023), pp. 16-32. (Intervento presentato al convegno 1st International Workshop on Digital Sovereignty in Cyber Security: New Challenges in Future Vision, CyberSec4Europe 2022 tenutosi a Venice, Italy nel 17-21 April 2022) [10.1007/978-3-031-36096-1_2].
File in questo prodotto:
File Dimensione Formato  
paper.pdf

Open Access dal 17/06/2024

Tipologia: Post-print referato (Refereed author’s manuscript)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 637.14 kB
Formato Adobe PDF
637.14 kB Adobe PDF Visualizza/Apri
978-3-031-36096-1_2.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 709.43 kB
Formato Adobe PDF
709.43 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/392129
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
  • OpenAlex ND
social impact