University of Illinois at Urbana Champaign
To provide insight on system security and aid decision-makers, the authors propose a method to quantitatively evaluate the strength of a system's security. Their approach is to create an executable state-based security model of the system under attack. In this paper, they focus on the development of the adversary attack behavior model, which is one part of the overall security model. They show how three key aspects of an adversary's successful cyber attack - means, motive, and opportunity - translate into the notions of probability of success given attempt, probability of attempt, and precondition.