Combinatorial models

--Reliability Block Diagrams: (RBD) map the operational dependency of a system on its components and not the physical structure of the system, including blocks, edges, and dummy nodes. Some software packages have been developed to support construction and solution of RBD models and now it is frequently used in reliability and availability modeling. We have yet to see an application of RBDs in security modeling, but needs to create a compositional theory of security first.

Here is a brief introduction of RBDs: http://www.reliabilityeducation.com/rbd.pdf

It defines logical interaction of failures within a system that are required to sustain system operation. Once the blocks are configured properly and block data is provided, the failure rate, MTBF(mean time between failures), reliability, and availability of the system can be calculated. When it comes to security field, we need to care confidentiality and integrity, using the same method. It is also a good idea if we could use RBD to do security modeling and then quantitatively measure the security of system in order to help IT manager to manage the trade-off between functionality and security.