Information System Modeling for Analysis of Propagation Effects and Levels of Damage | SpringerLink
Skip to main content

Information System Modeling for Analysis of Propagation Effects and Levels of Damage

  • Conference paper
Computational Science and Its Applications - ICCSA 2006 (ICCSA 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3982))

Included in the following conference series:

Abstract

The number of newly developed information systems has grown considerably in their areas of application, and their concomitant threats of intrusions for the systems over the Internet have increased, too. To reduce the possibilities of such threats, studies on security risk analysis in the field of information security technology have been actively conducted. However, it is very difficult to analyze actual causes of damage or to establish safeguards when intrusions on systems take place within the structure of different assets and complicated networks. Therefore, it is essential that comprehensive preventive measures against intrusions are established in advance through security risk analysis. Vulnerabilities and threats are increasing continuously, while safeguards against these risks are generally only realized some time after damage through an intrusion has occurred. Therefore, it is vital that the propagation effects and levels of damage are analyzed using real-time comprehensive methods in order to predict damage in advance and minimize the extent of the damage. For this reason we propose a modeling technique for information systems by making use of SPICE and Petri-Net, and methods for analyzing the propagation effects and levels of damage based on the epidemic model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 14866
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. In, H.P., Kim, Y.-G., Lee, T., Moon, C.-J., Jung, Y., Kim, I.: Security Risk Analysis Model for Information Systems. In: Baik, D.-K. (ed.) AsiaSim 2004. LNCS (LNAI), vol. 3398, Springer, Heidelberg (2005)

    Google Scholar 

  2. Zhang, Y.-K., Wang, F.-W., Zhang, Y.-Q., Ma, J.-F.: Worm Propagation Modeling and Analysis Based on Quarantine. In: Infosec 2004, November 14-16. ACM, New York (2004) ISBN:1-58113-955-1

    Google Scholar 

  3. Park, K.M., Kwang, D.: PSpice Understanding and Application (revised) (1992) ISBN 89-85305-02-6

    Google Scholar 

  4. Reisig, W.: Petri Nets, An Introduction, EATCS. In: Brauer, W., Rozenberg, G., Salomaa, A. (eds.) Monographs on Theoretical Computer Science. Springer, Berlin (1985)

    Google Scholar 

  5. Yourdon, E.: Modern Structured Analysis. Prentice-Hall, Englewood Cliffs (1989)

    Google Scholar 

  6. Black, P.E. (ed.): Deterministic finite state machine, Dictionary of Algorithms and Data Structures, NIST, http://www.nist.gov/dads/HTML/determFinitStateMach.html

  7. Kristensen, L.M., Christensen, S., Jensen, K.: The Practitioner’s Guide to Coloured Petri Nets. International Journal on Software Tools for Technology Transfer 2, 98–132 (1998)

    Article  MATH  Google Scholar 

  8. Tuinenga, P.: SPICE: A Guide to Circuit Simulation and Analysis Using PSpice, 3rd edn. Prentice-Hall, Englewood Cliffs (1995) ISBN 0-13-158775-7

    Google Scholar 

  9. ISO/IEC TR 13335, Information technology - Guidelines for the management of IT Security: GMITS (1998)

    Google Scholar 

  10. CSE (Canadian Secutiy Establishment), A Guide to Security Risk Management for IT Systems, Government of Canada (1996)

    Google Scholar 

  11. MacDonald, D., Mackay, S. (eds.): Practical Hazops, Trips and Alarms (Paperback). Butterworth-Heinemann, Butterworths (2004)

    Google Scholar 

  12. RAC, Fault Tree Analysis Application Guide (1991)

    Google Scholar 

  13. CMU, OCTAVE (Operationally Critical Threat, Assets and Vulnerability Evalustion) (December 2001)

    Google Scholar 

  14. Dimitrakos, T., Bicarregui, J., Stolen, K.: CORAS - a framework for risk analysis of security critical systems. ERCIM News 49, 25–26 (2002)

    Google Scholar 

  15. Bang, Y.-H., Jung, Y.J., Kim, I., Lee, N., Lee, G.S.: Design and Development of a Risk Analysis Automatic Tool. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 491–499. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  16. CRAMM, http://www.cramm.com

  17. Palisade Corporation, @RISK, http://www.palisade.com

  18. Countermeasures, Inc., The Buddy System, http://www.buddysystem.net

  19. Information Security Management, Part 2. Specification for Information Security Management System, British Standards Institution (BSI)

    Google Scholar 

  20. BSI (2003), http://www.bsi.bund.de/english/gshb/manual/index.htm

  21. Dubendorfer, T., Wagner, A., Plattner, B.: An Economic Damage Model for Large Scale Internet Attacks. In: Proceedings of the 13th IEEE International Workshops on Enabling Technologies Infrastructure for Collaborative Enterprise (WET ICE 2004), pp. 1524–4547 (2004)

    Google Scholar 

  22. Kim, I.J., Chung, Y.J., Lee, Y.G., Won, D.: A time-variant risk analysis and damage estimation for large-scale network systems. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3481, pp. 92–101. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  23. Kim, I.J., Jung, Y.J., Park, J.G., Won, D.: A Study on Security Risk Modeling over Information and Communication Infrastructure. In: SAM 2004, pp. 249–253 (2004)

    Google Scholar 

  24. Liljenstam, M., Nicol, D.M., Berk, V.H., Gray, R.S.: Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing. In: Proceedings of the 2003 ACM workshop on Rapid Malcode, pp. 24–33. ACM Press, New York (2003)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, I., Chung, Y., Lee, Y., Im, E.G., Won, D. (2006). Information System Modeling for Analysis of Propagation Effects and Levels of Damage. In: Gavrilova, M., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3982. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751595_7

Download citation

  • DOI: https://doi.org/10.1007/11751595_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34075-1

  • Online ISBN: 978-3-540-34076-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics