TY  - CONF
N1  - Copyright © 2015?2015 ICST. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Eighth EAI International Conference on Simulation Tools and Techniques, http://dx.doi.org/10.1145/10.4108/eai.24-8-2015.2260765
TI  - Modelling and simulating systems security policy
Y1  - 2015/08/27/
AV  - public
M2  - Athens, Greece
A1  - Caulfield, T
A1  - Pym, D
KW  - Composition
KW  -  Decision
KW  -  Location
KW  -  Logic
KW  -  Modelling
KW  -  Policy
KW  -  Process
KW  -  Resource
KW  -  Security
KW  -  Semantics
KW  -  Simulation
N2  - Security managers face the challenge of designing security policies that deliver the objectives required by their organizations. We explain how a rigorous modelling framework and methodology - grounded in semantically justified mathematical systems modelling, the economics of decision-making, and simulation - can be used to explore the operational consequences of their design choices and help security managers to make better decisions. The methodology is based on constructing executable system models that illustrate the effects of different policy choices. Models are compositional, allowing complex systems to be expressed as combinations of smaller, complete models. They capture the logical and physical structure of systems, the choices and behaviour of agents within the system, and the security managers' preferences about outcomes. Utility theory is used to describe the extent to which security managers' policies deliver their security objectives. Models are parametrized based on data obtained from observations of real-world systems that correspond closely to the examples described.
ID  - discovery1468683
UR  - http://dx.doi.org/10.4108/eai.24-8-2015.2260765
PB  - ICST
T2  - Eighth EAI International Conference on Simulation Tools and Techniques
ER  -