Visible to the public Data-Driven Model-Based Decision-Making - January 2015Conflict Detection Enabled

Submitted by awhitesell on Fri, 01/09/2015 - 12:03pm

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): William Sanders, Masooda Bashir, David Nicol, and Aad Van Moorsel (Newcastle University, UK)

Co-PI(s): Ken Keefe, Mohamad Noureddine, Charles Morriset* and Rob Cain* (*Newcastle University, UK)

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

  • Predictive Security Metrics - System security analysis requires a holistic approach that considers the behavior of non-human subsystem, bad actors or adversaries, and expected human participants such as users and system administrators. We are developing the HITOP modeling formalism to formally describe the behavior of human participants and how their decisions affect overall system performance and security. With this modeling methodology and the tool support we are developing, we will produce quantitative security metrics for cyber-human systems.
  • Human Behavior - Modeling and evaluating human behavior is challenging, but it is an imperative component in security analysis. Stochastic modeling serves as a good approximation of human behavior, but we intend to do more with the HITOP method, which considers a task based process modeling language that evaluates a human's opportunity, willingness, and capability to perform individual tasks in their daily behavior. Partnered with an effective data collection strategy to validate model parameters, we are working to provide a sound model of human behavior.

PUBLICATIONS
Papers published in this quarter as a result of this research. Include title, author(s), venue published/presented, and a short description or abstract. Identify which hard problem(s) the publication addressed. Papers that have not yet been published should be reported in region 2 below.

No publications this quarter.

ACCOMPLISHMENT HIGHLIGHTS

During this quarter, our team met with several cyber security experts to validate our approach regarding the expansion of the HITOP human modeling method. We conducted an in-depth literature analysis to understand how others have approached the task of human modeling in security. In addition, we have identified useful approaches for data collection for assessing our security model parameters. A report on these approaches has been drafted and is being prepared for inclusion in doctoral dissertation. In addition, we have developed a formulation of these data collection approaches as an optimization problem.

Groups: