Mission-oriented security model, incorporating security risk, cost and payout

Sayed M. Sayed; Tom La Porta; Trent Jaeger; Z. Berkay Celik; Patrick McDaniel

doi:10.1007/978-3-030-01704-0_11

Mission-oriented security model, incorporating security risk, cost and payout

Sayed M. Sayed, Tom La Porta, Trent Jaeger, Z. Berkay Celik, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

One of the most difficult challenges facing network operators is to estimate risk and allocate resources in adversarial environments. Failure to properly allocate resources leads to failed activities, poor utilization, and insecure environments. In this paper, we explore an optimization-based approach to allocating resources called a mission-oriented security model. This model integrates security risk, cost and payout metrics to optimally allocate constrained secure resources to discrete actions called missions. We model this operation as a Mixed Integer Linear Program (MILP) which can be solved efficiently by different optimization solvers such as MATLAB MILP solver, IBM-CPLEX optimizer or CVX solver. We further introduce and explore a novel method to evaluate security risk in resource planning using two datasets—the Ponemon Institute cost of breach survey and CSI/FBI surveys of security events. Data driven simulations are used to validate the model robustness and uncover a number of insights on the importance of risk valuation in resource allocation.

Original language	English (US)
Title of host publication	Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings
Editors	Bing Chang, Yingjiu Li, Raheem Beyah, Sencun Zhu
Publisher	Springer Verlag
Pages	192-212
Number of pages	21
ISBN (Print)	9783030017033
DOIs	https://doi.org/10.1007/978-3-030-01704-0_11
State	Published - 2018
Event	14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018 - Singapore, Singapore Duration: Aug 8 2018 → Aug 10 2018

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	255
ISSN (Print)	1867-8211

Other

Other	14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018
Country/Territory	Singapore
City	Singapore
Period	8/8/18 → 8/10/18

All Science Journal Classification (ASJC) codes

Computer Networks and Communications

Access to Document

10.1007/978-3-030-01704-0_11

Cite this

Sayed, S. M., La Porta, T., Jaeger, T., Celik, Z. B., & McDaniel, P. (2018). Mission-oriented security model, incorporating security risk, cost and payout. In B. Chang, Y. Li, R. Beyah, & S. Zhu (Eds.), Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings (pp. 192-212). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 255). Springer Verlag. https://doi.org/10.1007/978-3-030-01704-0_11

Sayed, Sayed M. ; La Porta, Tom ; Jaeger, Trent et al. / Mission-oriented security model, incorporating security risk, cost and payout. Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings. editor / Bing Chang ; Yingjiu Li ; Raheem Beyah ; Sencun Zhu. Springer Verlag, 2018. pp. 192-212 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{1c6a111e7fa0433cbaf9acdc8a4bbc8a,

title = "Mission-oriented security model, incorporating security risk, cost and payout",

abstract = "One of the most difficult challenges facing network operators is to estimate risk and allocate resources in adversarial environments. Failure to properly allocate resources leads to failed activities, poor utilization, and insecure environments. In this paper, we explore an optimization-based approach to allocating resources called a mission-oriented security model. This model integrates security risk, cost and payout metrics to optimally allocate constrained secure resources to discrete actions called missions. We model this operation as a Mixed Integer Linear Program (MILP) which can be solved efficiently by different optimization solvers such as MATLAB MILP solver, IBM-CPLEX optimizer or CVX solver. We further introduce and explore a novel method to evaluate security risk in resource planning using two datasets—the Ponemon Institute cost of breach survey and CSI/FBI surveys of security events. Data driven simulations are used to validate the model robustness and uncover a number of insights on the importance of risk valuation in resource allocation.",

author = "Sayed, {Sayed M.} and {La Porta}, Tom and Trent Jaeger and Celik, {Z. Berkay} and Patrick McDaniel",

note = "Funding Information: Research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein. Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.; 14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018 ; Conference date: 08-08-2018 Through 10-08-2018",

year = "2018",

doi = "10.1007/978-3-030-01704-0_11",

language = "English (US)",

isbn = "9783030017033",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Verlag",

pages = "192--212",

editor = "Bing Chang and Yingjiu Li and Raheem Beyah and Sencun Zhu",

booktitle = "Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings",

address = "Germany",

}

Sayed, SM, La Porta, T, Jaeger, T, Celik, ZB & McDaniel, P 2018, Mission-oriented security model, incorporating security risk, cost and payout. in B Chang, Y Li, R Beyah & S Zhu (eds), Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 255, Springer Verlag, pp. 192-212, 14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018, Singapore, Singapore, 8/8/18. https://doi.org/10.1007/978-3-030-01704-0_11

Mission-oriented security model, incorporating security risk, cost and payout. / Sayed, Sayed M.; La Porta, Tom; Jaeger, Trent et al.
Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings. ed. / Bing Chang; Yingjiu Li; Raheem Beyah; Sencun Zhu. Springer Verlag, 2018. p. 192-212 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 255).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Mission-oriented security model, incorporating security risk, cost and payout

AU - Sayed, Sayed M.

AU - La Porta, Tom

AU - Jaeger, Trent

AU - Celik, Z. Berkay

AU - McDaniel, Patrick

N1 - Funding Information: Research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein. Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.

PY - 2018

Y1 - 2018

N2 - One of the most difficult challenges facing network operators is to estimate risk and allocate resources in adversarial environments. Failure to properly allocate resources leads to failed activities, poor utilization, and insecure environments. In this paper, we explore an optimization-based approach to allocating resources called a mission-oriented security model. This model integrates security risk, cost and payout metrics to optimally allocate constrained secure resources to discrete actions called missions. We model this operation as a Mixed Integer Linear Program (MILP) which can be solved efficiently by different optimization solvers such as MATLAB MILP solver, IBM-CPLEX optimizer or CVX solver. We further introduce and explore a novel method to evaluate security risk in resource planning using two datasets—the Ponemon Institute cost of breach survey and CSI/FBI surveys of security events. Data driven simulations are used to validate the model robustness and uncover a number of insights on the importance of risk valuation in resource allocation.

AB - One of the most difficult challenges facing network operators is to estimate risk and allocate resources in adversarial environments. Failure to properly allocate resources leads to failed activities, poor utilization, and insecure environments. In this paper, we explore an optimization-based approach to allocating resources called a mission-oriented security model. This model integrates security risk, cost and payout metrics to optimally allocate constrained secure resources to discrete actions called missions. We model this operation as a Mixed Integer Linear Program (MILP) which can be solved efficiently by different optimization solvers such as MATLAB MILP solver, IBM-CPLEX optimizer or CVX solver. We further introduce and explore a novel method to evaluate security risk in resource planning using two datasets—the Ponemon Institute cost of breach survey and CSI/FBI surveys of security events. Data driven simulations are used to validate the model robustness and uncover a number of insights on the importance of risk valuation in resource allocation.

UR - http://www.scopus.com/inward/record.url?scp=85059704142&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85059704142&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-01704-0_11

DO - 10.1007/978-3-030-01704-0_11

M3 - Conference contribution

AN - SCOPUS:85059704142

SN - 9783030017033

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 192

EP - 212

BT - Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings

A2 - Chang, Bing

A2 - Li, Yingjiu

A2 - Beyah, Raheem

A2 - Zhu, Sencun

PB - Springer Verlag

T2 - 14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018

Y2 - 8 August 2018 through 10 August 2018

ER -

Sayed SM, La Porta T, Jaeger T, Celik ZB, McDaniel P. Mission-oriented security model, incorporating security risk, cost and payout. In Chang B, Li Y, Beyah R, Zhu S, editors, Security and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings. Springer Verlag. 2018. p. 192-212. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-030-01704-0_11

Mission-oriented security model, incorporating security risk, cost and payout

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this