IEEE IEEE Home Search IEEE Contact IEEE
Membership Standards Conferences Careers/Jobs

Computer System Security

September 2003 Section Meeting

When: Wednesday, September 24,2003

Speaker: Dr. Max Salinas, UVA Electrical/Computer Engineering Dept. Click here for his biographical information.


Everyone claims to be concerned about security, but how can we tell who is doing a good job? This presentation will describe a proposed methodology to assess computer system security based on evaluations from three complementary perspectives: requirements and specifications, system attributes, and experimentation. The underlying evaluations lead to the development and modification of Bayesian Belief Network models which incorporate mechanisms to accommodate "out-of-model" breaches in security that may be observed from experience with actual systems.

The three perspectives incorporated in the Multiple Perspective Security Assessment Methodology (MPSAM) were selected because they provide complementary views defining system behavior. The initial system designers view the system as a collection of requirements and specifications and need to be able to perform some early analyses to estimate the expected security. Potential system users may additionally consider attributes describing the environment and context for the system, such as distribution and age, to provide some indication of the expected system security based on historical information provided from similarly classified systems. The assessments made from these initial two perspectives will frequently be refined as a result of experience with the system or from experimentation to emulate the actions of an attacker on actual systems to improve the estimates of either crossing or circumventing the security barriers in the system. MPSAM provides a framework for an integrated assessment of system security and is intended to be open to modification if additional perspectives are identified.

Partial Presentation Notes:

The methodology has been initially focused on embedded systems because they are typically smaller and simpler. Why is security becoming such a concern even with embedded systems?

The methodology uses a multi-perspective approach:

The next step is to develop security models based on Bayesian Belief Networks (BBN):

Bayes' Theorm Background:

Given two events (A and B) in a universe

P(B|A) = P(B&A) / P(A)    [P(B&A) is the overlap]
P(A|B) = (P(A&B) / P(B)

Bayes' Theorm: P(B|A) = P(A|B) * P(B) / P(A)

Biographical Information:

Maximo H. Salinas received the Ph.D. degree from the University of Virginia in Electrical Engineering in 2003 after developing a novel methodology for the assessment of computer system security. Prior to that, he was awarded the M.S. degree from the University of Virginia in 1990, and the B.S. degree from the Massachusetts Institute of Technology in 1984, also in Electrical Engineering.

Dr. Salinas recently rejoined the professional research staff in the Department of Electrical and Computer Engineering at the University of Virginia (UVA) in which he was employed from 1994 to 2001, when he resigned to devote his efforts to completing his Ph.D. dissertation. Prior to UVA, he worked at PERQ Systems Corporation and MegaScan Technology, Inc. as a digital design engineer in the development of high-performance workstations and intelligent frame buffers. Dr. Salinas has extensive experience in digital electronic design both at the ASIC level and at the component level.

Copyright © 2005 - Institute for Electrical and Electronic Engineers & Mountain View Product Marketing, Inc.
Created by Mountain View Product Marketing, Inc.   Hosted by
IEEE Privacy Policy
Valid HTML 4.01! Valid CSS!