[Cohen98] Fred Cohen Cynthia Phillips, Laura Painton Swiler, Timothy Gaylor, Patricia Leary, Fran Rupley, Richard Isler, and Eli Dart A Preliminary Classification Scheme for Information System Threats, Attacks, and Defenses; A Cause and Effect Model; and Some Analysis Based on That Model,[This paper (placed at the end for readability) describes 37 different types of actors that may Cause Information System Failure (Threats), 94 different Mechanisms by Which Information Systems are Caused to Fail (Attacks), and 140 different Mechanisms Which May Prevent, Limit, Reduce, or Mitigate Harm (Defenses). We describe a cause-effect model of information system attacks and defenses based on the notions that particular threats use particular attacks to cause desired consequences and successful defenders use particular defensive measures to defend successfully against those attacks and thus limit the consequences. Human defenders and attackers also use a variety of different viewpoints to understand and analyze their attacks and defenses, and this notion is also brought to bear. We then describe some analytical methods by which this model may be analyzed to derive useful information from available and uncertain information. This useful information can then be applied to meeting the needs of defenders (or if turned on its head attackers) to find effective and minimal cost defenses (or attacks) on information systems. Next we consider the extension of this method to networks and describe a system that implements some of these notions in an experimental testbed called HEAT.]

Drill Down