Advanced Search

Content Type

Topics

Publication Date

Attack Modeling for Information Security and Survivability

Abstract

Many engineering disciplines rely on engineering failure data to improve their designs. Unfortunately, this is not the case with information system engineers, who generally do not use security failure data—particularly attack data—to improve the security and survivability of systems that they develop. Part of the reason for this is that, historically, businesses and governments have been reticent to disclose information about attacks on their systems for fear of losing public confidence or for fear that other attackers would exploit the same or similar vulnerabilities. Specific, detailed attack data has just not been available. 

However, increased public interest and media coverage of the Internet's security have resulted in increased publication of attack data in books, Internet and CERT security advisories, for example. Engineers can now use this data in a structured way to improve information system security and survivability.  

This technical note describes and illustrates an approach for documenting attack information in a structured and reusable form. We expect that security analysts can use this approach to document and identify commonly occurring attack patterns, and that information system designers and analysts can use these patterns to develop more survivable information systems.

Cite This Report

Show Citation Formats

SEI

Moore, Andrew; Ellison, Robert; & Linger, Richard. Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001). Software Engineering Institute, Carnegie Mellon University, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5417

IEEE

Moore. Andrew, Ellison. Robert, and Linger. Richard, "Attack Modeling for Information Security and Survivability," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2001-TN-001, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5417

APA

Moore, Andrew., Ellison, Robert., & Linger, Richard. (2001). Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001). Retrieved September 16, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5417

CHI

Andrew Moore, Robert Ellison, & Richard Linger. Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5417

MLA

Moore, Andrew., Ellison, Robert., & Linger, Richard. 2001. Attack Modeling for Information Security and Survivability (Technical Report CMU/SEI-2001-TN-001). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5417