Modeling and Assessment of Systems Security

Information technology (IT) is a crucial resource and enabler in almost every part of our society. However, there are severe risks associated with IT that may substantially decrease the potential benefits. To handle these risks, it is essential to be able to judge the security posture of systems. This requires the ability to perform security assessments. However, since security is an abstract, subjective, and non-tangible property, proper security assessment of non-trivial systems is hard. Currently, there is a lack of methods for efficient, reliable, and valid security assessments. In this paper, problems relating to the structural assessment of system security are addressed. In structural security assessments, the security of systems is quantified based on the security qualities of and inter- relations between sub-systems.