
Computer Security: A Quantitative Approach

$299,966 | FY2003 | CSE | NSF

Harvard University, Cambridge MA

Investigators

Abstract

CCR-0310877
Computer Security: A Quantitative Approach
Michael D. Smith, Harvard University

The proposed project will improve in a quantifiable manner the computing industry's ability to model, analyze, predict, and ultimately increase the security of large composite information systems (i.e., those built from myriad hardware and software components). The approach uses existing economic methods and tools to quantify the threat posed by malicious individuals; decades of research in economics provide a wealth of quantitative techniques for modelling and measuring the effects individuals have on larger systems. In particular, the proposed work measures system security (or robustness) against modes of failure using economic units (dollars). The proposed model is based on a measure, colloquially known as the cost to break, that represents the market price to find and demonstrate a single, previously unknown flaw. The proposed work will extend this measure to support analysis of real systems, which may contain multiple flaws. The resulting model will yield a means for creating security strategies that correctly reflect the wide range of adversaries and the security priorities of the defense.

The project will also produce quantitative threat models, based on economic theory, that provide better insights into the motivation and means of attack available to adversaries. These new models will help the defense estimate the level of security required to successfully deter existing threats, reason about new threats, and quantify the shortcomings of existing security systems.
