Mission-oriented security model, incorporating security risk, cost and payout

Sayed M. Sayed, Tom La Porta, Trent Jaeger, Z. Berkay Celik, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

One of the most difficult challenges facing network operators is to estimate risk and allocate resources in adversarial environments. Failure to properly allocate resources leads to failed activities, poor utilization, and insecure environments. In this paper, we explore an optimization-based approach to allocating resources called a mission-oriented security model. This model integrates security risk, cost and payout metrics to optimally allocate constrained secure resources to discrete actions called missions. We model this operation as a Mixed Integer Linear Program (MILP) which can be solved efficiently by different optimization solvers such as MATLAB MILP solver, IBM-CPLEX optimizer or CVX solver. We further introduce and explore a novel method to evaluate security risk in resource planning using two datasets—the Ponemon Institute cost of breach survey and CSI/FBI surveys of security events. Data driven simulations are used to validate the model robustness and uncover a number of insights on the importance of risk valuation in resource allocation.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks - 14th International Conference, SecureComm 2018, Proceedings
EditorsBing Chang, Yingjiu Li, Raheem Beyah, Sencun Zhu
PublisherSpringer Verlag
Pages192-212
Number of pages21
ISBN (Print)9783030017033
DOIs
StatePublished - 2018
Event14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018 - Singapore, Singapore
Duration: Aug 8 2018Aug 10 2018

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume255
ISSN (Print)1867-8211

Other

Other14th International EAI Conference on Security and Privacy in Communication Networks, SecureComm 2018
Country/TerritorySingapore
CitySingapore
Period8/8/188/10/18

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Mission-oriented security model, incorporating security risk, cost and payout'. Together they form a unique fingerprint.

Cite this