Towards an Analytic Model of Security Flaws
Overview: Security is essentially a gamble. Controlled access of some kind is given to an object, which carries some benefit, but as a consequence there is the prospect of undesired users exploiting that access to gain unauthorized access (i.e. reading or writing) to the protected object. This paper, published by HP, presents a simple model of the dynamics of flaws within a software security system. It demonstrates how this model can be fully captured by a Galton-Watson branching process and is therefore amenable to effective calculation.