Cyber Risk Metrics for DHS

This project leverages the MIRROR/MORDA adversary attack analysis methodology and the Möbius modeling software framework to create a new adversary-driven, state-based system security evaluation method. This new method, called ADversary VIew Security Evaluation (ADVISE), aggregates security-relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions. Our approach is to create an executable state-based security model of a system. The security model is initialized with information characterizing the system and the adversaries attacking the system. The model then simulates the attack behavior of the adversaries to produce a quantitative assessment of system security strength. The project also includes the development of a tool that implements the ADVISE formalism.

(Funded by DHS)