Abstract
Modeling and simulation (M&S) represent the structure and behavior of a system, with a focus on what the system is and does to provide value-delivery. Security M&S represents risks to the system that may negatively impact value-delivery, and what to do to address those risks. The chronology is to first model the system, then the risks to the system, and then the security that mitigates those risks to assure value-delivery. Modeling security separate from that which it safeguards has no meaning. This chapter introduces M&S concepts, including purpose, approaches, and that which one models, and gives an introduction to modeling risk, threats, and security. It includes examples of modeling cybersecurity operations for optimization and of applying conditional probabilities to help manage uncertainty when finding threats in the operating environment.
© 2022 Springer Nature Switzerland AG
About this entry
Cite this entry
Willett, K.D., Taylor, I. (2022). Security Modeling and Simulation. In: Masys, A.J. (eds) Handbook of Security Science. Springer, Cham. https://doi.org/10.1007/978-3-319-91875-4_95
DOI: https://doi.org/10.1007/978-3-319-91875-4_95
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-91874-7
Online ISBN: 978-3-319-91875-4
eBook Packages: Physics and Astronomy; Reference Module Physical and Materials Science; Reference Module Chemistry, Materials and Physics