Information Assurance Reliability Model (IARM)

Abstract

The objective of this effort is to design, develop, document, demonstrate, evaluate, and deliver science-based methods for information assurance (IA) design and assessment. The ultimate goal of the proposed research is to improve the IA reliability and robustness of systems overall and their ability to withstand asymmetric attacks. This can be achieved by means of scientific methods and modeling techniques that assist in specifying requisite IA protection of a system, and in measuring the ability of a design or implementation of a system to meet that specification. The results of IARM research during its two phases demonstrate that a reliability approach to IA of systems shows a lot of promise, and can contribute to more rapid maturation of the field and increased reliability of systems against IA attacks. The current predominance of IA research into defense against specific attacks, and the lack of useful metrics collection are ignoring this promising direction for research and systems engineering. IARM researchers have observed that too little thought is being given to useful metrics to collect during system operation, and in the course of other IA research. For example, currently, it is common to measure the amount of time it takes a Red Team to attack a given system. However, metrics and observations related to the effect of various Red Team or hacker actions on a system would contribute significantly to the growth of IA reliability and the ability to integrate IA approaches within the system engineering process. The article reviews phase 1 of the project, which included mathematical modeling using continuous time Markov chains and computing state transition diagram transition probabilities and transition rates, and phase 2 of the project, which included real time reliability monitoring, top level architecture, and human behavioral modeling of attackers and security system administrators using variations of game theory. (13 refs.)

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2002
Accession Number
ADA410474

Entities

People

  • Mark J. Kuckelman
  • Robert J. Moore
  • Roberta L. Gotfried

Organizations

  • RTX

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Engineering
  • Governments
  • Human Behavior
  • Information Assurance
  • Information Systems
  • Markov Chains
  • Mathematical Analysis
  • Operating Systems
  • Probability
  • Reliability
  • Security
  • Security Personnel
  • Software Development
  • Systems Engineering
  • United States Government

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity.
  • Systems Analysis and Design