Edgar Padilla is a Ph.D. student at the University of Texas at El Paso. He is also a systems programmer for the University’s enterprise resource planning systems. His research interests include risk analysis and secure software architecture.
Journal Articles
Risk Analysis with Execution-Based Model Generation
Analyzing risk is critical throughout the software acquisition lifecycle. System risk is assessed by conducting a penetration test, where ethical hackers portray realistic threat on real systems by exploiting vulnerabilities. These tests are very costly, limited in duration, and do not provide stakeholders with “what-if” analyses. To alleviate these issues, system models are used in emulation, simulation, and attack graph generators to enhance test preparation, execution, and supplementary post-test analyses.
This article describes a method for developing models that can be used to analyze risk in mixed tactical and strategic networks, which are common in the military domain.
Leave a Comment
You must be logged in to post a comment.