One is to quantitatively measure the performability and security of the system, that is to quantify the amount of security provided by a system-level method. It needs first to specify the security policy, describe the vulnerabilities of the target system, and then quantitatively evaluation based on some model, like privilege graph model. One crucial factor is to define "cost" for them, such as intrusion damage cost, response cost. I was considering relate this cost to their performance.
Second is that I'm trying to build a intrusion response system based on our cps. First I have to get some intrusion alerts as the input to this IRS from some kind of intrusion detection system. Right now I'm doing with Bro developed by a researcher in UCB. It may need at least one week to get familiar with such system.
No comments:
Post a Comment