Publications

Results 26–50 of 84
Skip to search filters

Development of a statistically based access delay timeline methodology

Rivera, Wayne G.; Robinson, David G.; Wyss, Gregory D.; Hendrickson, Stacey M.

The charter for adversarial delay is to hinder access to critical resources through the use of physical systems increasing an adversarys task time. The traditional method for characterizing access delay has been a simple model focused on accumulating times required to complete each task with little regard to uncertainty, complexity, or decreased efficiency associated with multiple sequential tasks or stress. The delay associated with any given barrier or path is further discounted to worst-case, and often unrealistic, times based on a high-level adversary, resulting in a highly conservative calculation of total delay. This leads to delay systems that require significant funding and personnel resources in order to defend against the assumed threat, which for many sites and applications becomes cost prohibitive. A new methodology has been developed that considers the uncertainties inherent in the problem to develop a realistic timeline distribution for a given adversary path. This new methodology incorporates advanced Bayesian statistical theory and methodologies, taking into account small sample size, expert judgment, human factors and threat uncertainty. The result is an algorithm that can calculate a probability distribution function of delay times directly related to system risk. Through further analysis, the access delay analyst or end user can use the results in making informed decisions while weighing benefits against risks, ultimately resulting in greater system effectiveness with lower cost.

More Details
TYPE SAND Report YEAR 2013
OSTIDOI

What then do we do about computer security?

Berg, Michael J.; Davis, Christopher E.; Mayo, Jackson M.; Suppona, Roger A.; Wyss, Gregory D.

This report presents the answers that an informal and unfunded group at SNL provided for questions concerning computer security posed by Jim Gosler, Sandia Fellow (00002). The primary purpose of this report is to record our current answers; hopefully those answers will turn out to be answers indeed. The group was formed in November 2010. In November 2010 Jim Gosler, Sandia Fellow, asked several of us several pointed questions about computer security metrics. Never mind that some of the best minds in the field have been trying to crack this nut without success for decades. Jim asked Campbell to lead an informal and unfunded group to answer the questions. With time Jim invited several more Sandians to join in. We met a number of times both with Jim and without him. At Jim's direction we contacted a number of people outside Sandia who Jim thought could help. For example, we interacted with IBM's T.J. Watson Research Center and held a one-day, videoconference workshop with them on the questions.

More Details
TYPE SAND Report YEAR 2012
OSTIDOI

Risk-based cost-benefit analysis for security assessment problems

Vulnerability, Uncertainty, and Risk: Analysis, Modeling, and Management - Proceedings of the ICVRAM 2011 and ISUMA 2011 Conferences

Wyss, Gregory D.; Hinton, John P.; Dunphy-Guzman, Katherine; Clem, John; Darby, John; Silva, Consuelo; Mitchiner, Kim

Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related security risk metric based on the degree of difficulty an adversary will encounter to successfully execute the most advantageous attack scenario. This metric is compatible with traditional cost-benefit optimization algorithms, and can lead to an objective risk-based cost-benefit method for security investment option prioritization. It also enables decision-makers to more effectively communicate the justification for their investment decisions with stakeholders and funding authorities. Copyright © ASCE 2011.

More Details
TYPE Conference YEAR 2011
ScopusOSTI

Risk-based cost-benefit analysis for security assessment problems

Proceedings - International Carnahan Conference on Security Technology

Wyss, Gregory D.; Clem, John F.; Darby, John L.; Guzman, Katherine D.; Hinton, John P.; Mitchiner, K.W.

Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related security risk metric based on the degree of difficulty an adversary will encounter to successfully execute the most advantageous attack scenario. This metric is compatible with traditional cost-benefit optimization algorithms, and can lead to an objective risk-based cost-benefit method for security investment option prioritization. It also enables decision-makers to more effectively communicate the justification for their investment decisions with stakeholders and funding authorities. ©2010 IEEE.

More Details
TYPE Conference YEAR 2010
ScopusOSTI
Results 26–50 of 84
Results 26–50 of 84