InfoSec Seminar: Modelling Security Policy

Speaker: Dr Tristan Caulfield

Date/Time: 15-Jan-2015, 16:00 UTC

Venue: MPEB 1.03



Making decisions about security policy can be a challenging task. Security managers must attempt to implement policies that meet their organisations' requirements, but often have no way to accurately predict the effectiveness or consequences of different policy decisions. I'll present work on a modelling methodology and framework designed to help security managers make better decisions by allowing them to explore the effects of different policy choices. The methodology is grounded in mathematical systems modelling and the economics of decision-making; the models capture the physical and logical structure of systems, the behaviour and choices of agents within the system, and the security managers' preferences about outcomes. Executable systems models are constructed and parameterised from real-world observations, and then the performance of different policies is explored through simulation. Models are designed to be composable, allowing larger and more complex systems to be expressed as combinations of smaller, complete models.



Dr Tristan Caulfield is a Research Associate in the Computer Science department at UCL, working on the Productive Security project. He received his B.Sc. in 2004 and Ph.D. in 2011, both in Computer Science from the University of Bath. Prior to his current project, Tristan was a postdoctoral researcher in the Economics department at Bath, looking at information security in cloud computing. He has also worked on game-theoretic design of wireless networking protocols, multi-agent systems, and agent-based simulation. His research interests are in modelling different aspects of information security, focusing on the intersection of simulation and economics.

