Method and apparatus for analyzing information systems using stored tree database structures
Abstract
A computer-implemented method and apparatus electronically represent and quantify the security of a system as a logical tree structure including leaf nodes representing attacks against the system and intermediate nodes representing various logical combinations of attacks necessary to mount a successful overall attack. An indication of the overall security of the system is quantified in a value of a root node of the tree. The values of the various nodes can be Boolean or continuous, representing simple binary security attributes such as feasible/infeasible or more complicated attributes such as cost, time or probability. The nodes' attributes and values can also represent defenses as well as attacks. The attack trees can be used to calculate the cost, time or probability of an attack, to list the security assumptions of a system, to compare competing systems, to evaluate system modifications, to perform security subsystem analysis, to allocate a security budget, and for many other uses.
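The combination rules the abstract describes (Boolean feasibility, attacker cost, probability of success, AND/OR intermediate nodes, a root value, and re-evaluation after a defense is added) as an added worked example in Python. This is not code from the patent; the tree, its leaf names and every figure in it are constructed for illustration, and the OR/AND rules for cost (min/sum) and probability (at least one succeeds / all succeed, assuming independent leaves) are one common choice, not the only one the abstract permits.

```python
"""Attack-tree evaluation: leaves carry attack attributes, AND/OR nodes
combine them, and the root value summarises the system's security.
Added example, not code from the patent; all figures are constructed."""
import copy
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Node:
    name: str
    kind: str = "LEAF"            # "LEAF", "AND" or "OR"
    feasible: bool = True         # Boolean attribute (meaningful on leaves)
    cost: float = 0.0             # continuous attribute: attacker cost, in k$ (leaves)
    prob: float = 1.0             # continuous attribute: probability of success (leaves)
    children: List["Node"] = field(default_factory=list)


def is_feasible(n: Node) -> bool:
    """Boolean semantics: an OR node needs any feasible child, an AND node needs all."""
    if n.kind == "LEAF":
        return n.feasible
    vals = [is_feasible(c) for c in n.children]
    return any(vals) if n.kind == "OR" else all(vals)


def cheapest_attack(n: Node) -> Tuple[Optional[float], List[str]]:
    """Minimum attacker cost and the leaf attacks that achieve it.
    OR picks the cheapest feasible child; AND sums all children.
    The returned leaf list is the set of security assumptions the system
    rests on: if every one of them holds, the root is infeasible at that cost."""
    if n.kind == "LEAF":
        return (n.cost, [n.name]) if n.feasible else (None, [])
    results = [cheapest_attack(c) for c in n.children]
    if n.kind == "OR":
        feasible = [r for r in results if r[0] is not None]
        return min(feasible, key=lambda r: r[0]) if feasible else (None, [])
    if any(r[0] is None for r in results):
        return (None, [])
    return (sum(r[0] for r in results), [leaf for r in results for leaf in r[1]])


def success_probability(n: Node) -> float:
    """Probability semantics with independent leaves: AND multiplies,
    OR is the probability that at least one child succeeds."""
    if n.kind == "LEAF":
        return n.prob if n.feasible else 0.0
    ps = [success_probability(c) for c in n.children]
    if n.kind == "AND":
        p = 1.0
        for x in ps:
            p *= x
        return p
    q = 1.0
    for x in ps:
        q *= 1.0 - x
    return 1.0 - q


def apply_defense(root: Node, leaf_name: str) -> Node:
    """Model a countermeasure (a 'system modification' in the abstract's terms):
    return a copy of the tree in which the named leaf attack is infeasible."""
    new_root = copy.deepcopy(root)

    def mark(n: Node) -> None:
        if n.kind == "LEAF" and n.name == leaf_name:
            n.feasible = False
        for c in n.children:
            mark(c)

    mark(new_root)
    return new_root


def build_tree() -> Node:
    """Constructed illustrative tree: goal 'read secret file', three attack routes."""
    return Node("read secret file", "OR", children=[
        Node("exploit web app", "AND", children=[
            Node("find injection", cost=5.0, prob=0.5),
            Node("escalate to file read", cost=3.0, prob=0.6),
        ]),
        Node("steal credentials", "OR", children=[
            Node("phish admin", cost=2.0, prob=0.3),
            Node("brute force password", feasible=False, cost=50.0, prob=0.0),
        ]),
        Node("physical access", "AND", children=[
            Node("enter building", cost=20.0, prob=0.2),
            Node("copy disk", cost=1.0, prob=0.9),
        ]),
    ])


if __name__ == "__main__":
    tree = build_tree()
    print("feasible:", is_feasible(tree))
    print("cheapest attack:", cheapest_attack(tree))
    print("P(success):", round(success_probability(tree), 4))
    hardened = apply_defense(tree, "phish admin")   # e.g. phishing-resistant MFA
    print("after defense, cheapest attack:", cheapest_attack(hardened))
```

Running it shows the root is feasible, the cheapest route is phishing the admin at 2 k$, and that after defending against that single leaf the cheapest route jumps to the two-step web-app exploit at 8 k$; comparing the two root values is exactly the "evaluate system modifications" and "allocate a security budget" use the abstract names.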
76 Claims
1. A computer-implemented method for evaluating the security of a system, comprising the steps of:
(a) receiving an identifier of a particular system to be evaluated;
(b) storing in a computer-readable medium a logic tree data structure representing a security model which corresponds to the selected information protection system, said logic tree including:
(i) a plurality of leaf nodes, each of which represents a particular security attribute of the selected system,
(ii) a root node representing an overall indication of the security of the system, and
(iii) at least one intermediate node located between said leaf nodes and said root node, said intermediate node representing a logical relationship between at least two of said particular security attributes; and
(c) receiving values for said leaf nodes quantifying said attributes;
(d) computing a value of said root node that provides an indication of the overall security of the system.
Dependent claims: 2-38, 56, 75, 76.
39. A computer-readable medium storing a logic data tree structure comprising:
(a) a plurality of leaf nodes, each of which represents a particular security attribute of a system;
(b) a root node representing an overall indication of the security of said system; and
(c) at least one intermediate node located between said leaf nodes and said root node, said intermediate node representing a logical relationship between at least two of said particular security attributes;
said leaf nodes having values quantifying said attributes, whereby a value of said root node provides said indication of said security of said system for use in evaluating said security of said system.
Dependent claims: 40-55, 57-74.