A Human-Agent-Focused Approach to Security Modeling - October 2019

PI(s): William H. Sanders

Researcher: Michael Rausch

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

Accounting for Human Behavior - Recognizing the influence of human actions on security outcomes, the aim of this project is to make fundamental advances in scientifically-motivated techniques to aid risk assessment for computer security through the development of a general-purpose, easy-to-use formalism that allows for realistic modeling of cyber systems and all human agents that interact with the system, including adversaries, defenders, and users, with the ultimate goal of generating quantitative results that will help system architects make better design decisions.

Our hypothesis is that models that incorporate all human agents who interact with the system will produce insightful metrics. System architects can leverage the results to build more resilient systems that are able to achieve their mission objectives despite attacks.

Our hypothesis is that models that incorporate all human agents who interact with the system will produce insightful metrics. System architects can leverage the results to build more resilient systems that are able to achieve their mission objectives despite attacks.

PUBLICATIONS
Papers written as a result of your research from the current quarter only.

No publications this quarter.

KEY HIGHLIGHTS
Each effort should submit one or two specific highlights. Each item should include a paragraph or two along with a citation if available. Write as if for the general reader of IEEE S&P.
The purpose of the highlights is to give our immediate sponsors a body of evidence that the funding they are providing (in the framework of the SoS lablet model) is delivering results that "more than justify" the investment they are making.

We wrote a position paper on why quantitative cyber security modeling is important and how it should be done. We believe that, once published, the paper will help introduce those who are unfamiliar with modeling to the advantages of quantitative modeling approaches for security, teach them how to do it and common pitfalls to avoid. We are currently in the process of identifying an appropriate venue for the paper.

We continued the literature review that we mentioned in the previous reporting period, and as a result identified a state-of-the-art approach.

COMMUNITY ENGAGEMENTS

No community engagement this quarter.

EDUCATIONAL ADVANCES

No educational advances this quarter.