Abstract of "Core Gnosis in Security Evaluation":
In recent years, quantitative security evaluation of highly complex systems has enjoyed considerable attention. This area of research is concerned with the development of methods that allow the quantification of security risks in socio-technical systems and the study of the tradeoffs between performance, dependability, and security that are present in these systems.
In practice, such tradeoffs often affect the applicability of security measures as well as the security level that can be achieved.
Core Gnosis (developed at HP Labs in Bristol, UK) is a language and simulation environment for model-based system evaluation. Core Gnosis provides primitives for modelling resources, locations, and actions, and supports evaluation using discrete-process simulation. Furthermore, the language is built upon a thorough mathematical description of the underlying concepts.
These properties render Core Gnosis ideally suited for the evaluation of tradeoffs between performance, dependability, and security.
A major appeal of Core Gnosis lies in the fact that it allows the construction of elegant models for highly complex scenarios. On the other hand, the language requires a way of thinking that is quite different from modelling in common discrete-event simulation. In this talk I will introduce the basic concepts of the language and show how they can be used to model and study a scenario at an appropriate level of abstraction. Based on a case-study, I will illustrate the kind of insights that can be obtained and discuss possible shortcomings in the modelling approach as well as ways of addressing them.
Takustr. 9, Room 006