Edgar Padilla is a Ph.D. student at the University of Texas at El Paso. He is also a systems programmer for the University’s enterprise resource planning systems. His research interests include risk analysis and secure software architecture.
Analyzing risk is critical throughout the software acquisition lifecycle. System risk is assessed by conducting a penetration test, in which ethical hackers portray realistic threats on real systems by exploiting vulnerabilities. These tests are very costly, limited in duration, and do not provide stakeholders with “what-if” analyses. To alleviate these issues, system models are used in emulation, simulation, and attack graph generators to enhance test preparation, execution, and supplementary post-test analyses.
This article describes a method for developing models that can be used to analyze risk in mixed tactical and strategic networks, which are common in the military domain.