Quantitative Evaluation of Information Systems Security ; Évaluation quantitative de la sécurité des systèmes d'information

Abstract

This dissertation presents a general method for the specification and quantitative evaluation of information systems security. This method allows to monitor the evolutions of an information system in operation, as well as to compare the impact on security of possible modifications of the functioning. It relies on a formal specification of the system security policy, augmented by a model of the vulnerabilities observed in the real system in operation. Then, a security measure represents the difficulty for an attacker to exploit the vulnerabilities and defeat the objectives defined in the security policy.Information systems security policy specification necessitates the definition of a rigorous and expressive framework. Furthermore, the language should be general enough to be usable in the context of an organization. The method defined and used in this work is based on an extension of deontic logic, enriched with a graphical representation.Vulnerabilities of the information system are described by a model called a privilege graph. These vulnerabilities, probed in the system, may have various origins, such as incorrect operation of the protection mechanisms of a computer system, or delegation of privileges in an organization. The assessment of a weight to these individual vulnerabilities allows the definition of highly relevant and global quantitative measures of security.Two practical examples are presented to illustrate the methodology: the study of a medium-size bank agency; and the observation of the security evolutions of a large computer system in operation. ; Cette thèse présente une méthode générale de spécification et d'évaluation quantitative de la sécurité des systèmes d'information. Cette méthode permet de surveiller les évolutions d'un système d'information pendant sa vie opérationnelle, ainsi que de comparer l'impact sur la sécurité de modifications éventuelles du fonctionnement. Elle s'appuie sur une spécification formelle de la politique de sécurité, complétée par un modèle des vulnérabilités du ...