A Simulation Model for Managing Survivability of Networked Information Systems
Abstract
In this paper the authors develop a model to evaluate the tradeoffs between the cost of defense mechanisms for networked systems and the resulting expected survivability after a network attack. The model consists of three submodels. The first submodel simulates the occurrence of attacks or incidents. The second submodel simulates the impact of an attack on the system. This depends on the type of attack and the defense mechanism installed in the system. The third submodel assesses the survivability of the system which depends on the degree of its degradation after the attack. By varying the level of defense in the simulation, we examine how this expected survivability changes with the defense level. Since costs are assumed to increase with the strength of the defense system, we can derive a cost/survivability curve that managers can use to decide on the appropriate level of security for their organizations. We have also explored the sensitivity of expected survivability to various parameters of the model, such as, the mix of attack types and the rate of occurrence of incidents. SUBJECT TERMS 15. NUMBER OF PAGES survivability, network systems, transition probabilities, 44 defense mechanisms, incident types
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 01, 2000
- Accession Number
- ADA388773
Entities
People
- Soumyo D. Moitra
- Suresh L. Konda
Organizations
- Carnegie Mellon University