Assessing system performance impact of security attacks
Abstract
A method for assessing an impact of a security attack on a system includes defining a system affecting metric for an observation period as a fraction of time the system satisfies a defined specification, defining a resource failure based model and a resource usage based model for the system, obtaining results for each of a plurality of states of the resource failure based model and the resource usage based model, solving the resource failure based model and the resource usage based model and obtaining a term fraction of time each model spends on each of the plurality of states, obtaining a state probability according to the term fraction, and obtaining a measure of the system affecting metric according to the state probability.
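The computation the abstract describes, as an added example that is not taken from the patent. It assumes discrete-time, ergodic Markov chains, one resource usage chain per state of the resource failure chain, one pass/fail verdict per (configuration, usage state) pair, and independence of the two long-run fractions so that they multiply; all matrices, state names and verdicts are constructed.

```python
# Added illustration; matrices, state names and test verdicts are constructed.

def stationary(P, tol=1e-12, max_iter=100_000):
    """Long-run fraction of time per state of an ergodic discrete-time
    Markov chain with row-stochastic matrix P, found by power iteration."""
    n = len(P)
    for row in P:
        if len(row) != n or min(row) < 0 or abs(sum(row) - 1.0) > 1e-9:
            raise ValueError("P must be square and row-stochastic")
    pi = [1.0 / n] * n
    for _ in range(max_iter):
        nxt = [sum(pi[i] * P[i][j] for i in range(n)) for j in range(n)]
        if max(abs(a - b) for a, b in zip(nxt, pi)) < tol:
            return nxt
        pi = nxt
    raise RuntimeError("no convergence; chain may be periodic or reducible")


def metric(failure_P, configs):
    """Fraction of time the specification is met: sum, over every
    (configuration, usage state) pair whose security test passed, of the
    product of the two long-run fractions (independence is assumed)."""
    pi_fail = stationary(failure_P)
    if len(configs) != len(pi_fail):
        raise ValueError("need one usage model per failure-model state")
    total = 0.0
    for frac_cfg, (usage_P, passed) in zip(pi_fail, configs):
        pi_use = stationary(usage_P)
        if len(passed) != len(pi_use):
            raise ValueError("need one pass/fail verdict per usage state")
        total += frac_cfg * sum(p for p, ok in zip(pi_use, passed) if ok)
    return total


# Resource failure chain, states: all_up, degraded (constructed values).
FAILURE_P = [[0.9, 0.1], [0.5, 0.5]]
# Per configuration: usage chain over (normal, flood) and the pass/fail
# verdicts of the security test cases for those usage states.
CONFIGS = [
    ([[0.8, 0.2], [0.4, 0.6]], [True, True]),    # all_up
    ([[0.5, 0.5], [0.5, 0.5]], [True, False]),   # degraded
]

if __name__ == "__main__":
    print(round(metric(FAILURE_P, CONFIGS), 6))
```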
17 Claims
1. A computer-implemented method for assessing an impact of a security attack on a software system, the method executed by the computer comprising the steps of:
- defining a system performance/reliability affecting metric for an observation period as a fraction of time the system satisfies a defined performance/reliability specification;
- defining a resource failure based Markov model and a plurality of resource usage based Markov models for the system, wherein each resource usage based model is associated with a corresponding resource configuration;
- using results of security test cases performed on said software system to obtain pass/fail results for each of a plurality of states of the resource failure based model and the resource usage based model for each corresponding resource configuration;
- solving the resource failure based Markov model and the plurality of resource usage based Markov models and obtaining a long term fraction of time each model spends on each of the plurality of states; and
- obtaining a measure of the system performance/reliability affecting metric by summing the states for a plurality of system performance requirements met using the pass/fail results obtained from the plurality of states of the resource failure based model and the resource usage based model for each corresponding resource configuration, and incorporating the long term fraction of time each model spends on each of the plurality of states.
9. A system for assessing an impact of a security attack on a software system, comprising:
- a processor configured to obtain a measure of a system performance/reliability affecting metric for an observation period as a fraction of time the system satisfies a defined performance/reliability specification by defining a resource failure based Markov chain and a plurality of resource usage based Markov chains for the system, wherein each resource usage based chain is associated with a corresponding resource configuration, using results of security test cases performed on said software system to obtain pass/fail results for each of a plurality of states of the resource failure based Markov chain and the resource usage based Markov chain, solving the resource failure based Markov chain and the resource usage based Markov chain for each corresponding resource configuration and obtaining a long term fraction of time each Markov chain spends on each state, and obtaining a measure of the system affecting metric according to the state probability; and
- a memory configured to obtain a measure of the system performance/reliability affecting metric by summing the states for a plurality of system performance requirements met using the pass/fail results obtained from the plurality of states of the resource failure based model and the resource usage based model for each corresponding resource configuration, and incorporating the long term fraction of time each model spends on each of the plurality of states.
17. A non-transitory computer readable medium storing instructions executable by a processor to perform a method for assessing an impact of a security attack on a software system, the method comprising:
- defining a system performance/reliability affecting metric for an observation period as a fraction of time the system satisfies a defined performance/reliability specification;
- defining a resource failure based Markov model and a plurality of resource usage based Markov models for the system, wherein each resource usage based model is associated with a corresponding resource configuration;
- using results of security test cases performed on said software system to obtain pass/fail results for each of a plurality of states of the resource failure based model and the resource usage based model for each corresponding resource configuration;
- solving the resource failure based Markov model and the plurality of resource usage based Markov models and obtaining a long term fraction of time each model spends on each of the plurality of states; and
- obtaining a measure of the system performance/reliability affecting metric by summing the states for a plurality of system performance requirements met using the pass/fail results obtained from the plurality of states of the resource failure based model and the resource usage based model for each corresponding resource configuration, and incorporating the long term fraction of time each model spends on each of the plurality of states.
Specification