Predator-prey / Obligate Mutualism in Information System Security and Usage

In this paper, I model the interaction of an information system, its users, and its attackers as an ecological system with three populations. I model the relationship between users and the system as an obligate mutualism and the relationship between the system and the attackers as a predator-prey relationship. Sensitivity analysis on a numerical example suggests that the model is consistent with expectations of economic reality. Critical point analysis suggests that defenses that reduce the reward to attackers are superior to those that reduce damage to assets

System Dynamics Modeling and Simulation of Enterprise Computer Security

To support decision-making, training, and understanding complex trends in enterprise computer security, we have built an executable model representing the major components of an organization's computer security, including its machines, users, administrators, countermeasures, and attacks. We use "if-then" rules to express behaviors, incorporating the notions of "archetypes", i.e. frequently-observed patterns of system behavior, and "system dynamics", a discipline which views system behavior in terms of stocks and feedback loops. This thesis describes the model, and then discusses several archetypal behaviors and their results, namely: Symptomatic Fixes (or "Shifting the Burden"), Escalation, and Escalation combined with Limits to Growth. Simulation is used to display these behaviors quantitatively, and to show the effects of possible solutions. We conclude by discussing how such results can be useful for practical computer security, and how this model can both feed off other security research and fuel it