Using Statistical Model Checking for Cybersecurity Analysis / Budde, Carlos E. - ELECTRONIC. - 1807:(2023), pp. 16-32. (Paper presented at the 1st International Workshop on Digital Sovereignty in Cyber Security: New Challenges in Future Vision, CyberSec4Europe 2022, held in Venice, Italy, 17-21 April 2022) [10.1007/978-3-031-36096-1_2].
Using Statistical Model Checking for Cybersecurity Analysis
Budde, Carlos E.
2023-01-01
Abstract
This work discusses an approach to estimate the likelihood of occurrence and evolution in time of software security issues. First, software vulnerability assessment is revised under the light of recent studies. Then, guidelines are proposed that allow for (formal) modelling stochastic aspects of cybersecurity-relevant scenarios. This opens a connection to the field of formal methods, where automated tools like statistical model checkers can estimate the value of property queries characterising such scenarios. But exploitable vulnerabilities and attacks in cybersecurity are rare events, which calls for specialised tools. In view of this, the work finalises presenting FIG, a statistical model checker specialised on rare event simulation. FIG, an open source software tool freely available at https://git.cs.famaf.unc.edu.ar/dsg/fig, can be used to estimate the probability of an attack within the next release cycle.

File | Access | Type | License | Size | Format
---|---|---|---|---|---
paper.pdf | Open Access from 17/06/2024 | Refereed author's manuscript (post-print) | All rights reserved | 637.14 kB | Adobe PDF
978-3-031-36096-1_2.pdf | Archive managers only | Publisher's layout | All rights reserved | 709.43 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.