
Research on a Quantitative Security Risk Assessment Approach in Large-Scale Early Warning System

  • Conference paper
Grid and Cooperative Computing - GCC 2004 Workshops (GCC 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3252)


Abstract

Large-scale Early Warning (EW) is an indispensable component for protecting national information infrastructure. Various qualitative and quantitative models of Security Risk Assessment (SRA) are surveyed and evaluated in this paper. Then, the paper proposes a hierarchical on-line SRA model for three levels of subsystems in an EW system, i.e., local EW groups, regional EW centers, and the national EW center. In this model, the SRA system in a regional EW center evaluates the threat, vulnerability, impact, and control of each local group to calculate the local residue risk value, and calculates the regional residue risk value and reports it to the national EW center. To compute the national residue risk value, the SRA system in the national EW center synthesizes reports and values from all regional centers. A prototype of the hierarchical on-line SRA model was implemented in an EW system. Experimental results show the effectiveness of the proposed method.

This work is supported by the National Natural Science Foundation of China under Grants 60303012 and 90104001, and by the National High Technology (863) Program, No. 2003AA142010.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xuan, L., Xu, X. (2004). Research on a Quantitative Security Risk Assessment Approach in Large-Scale Early Warning System. In: Jin, H., Pan, Y., Xiao, N., Sun, J. (eds) Grid and Cooperative Computing - GCC 2004 Workshops. GCC 2004. Lecture Notes in Computer Science, vol 3252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30207-0_61


  • DOI: https://doi.org/10.1007/978-3-540-30207-0_61

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23578-1

  • Online ISBN: 978-3-540-30207-0

  • eBook Packages: Springer Book Archive
