Abstract
Conference Title: 2018 12th International Conference on Reliability, Maintainability, and Safety (ICRMS) Conference Start Date: 2018, Oct. 17 Conference End Date: 2018, Oct. 19 Conference Location: Shanghai, China One of the biggest challenges during the overall promotion of computer industry is the security risk issue. Most of the existing approaches for quantifying security risks are based on simple multiplications of frequencies and quantitative consequences of hazard occurrence without considering dependencies among the hazards. In this paper, we model sequential attacks, which involve multiple sequence-dependent hazardous actions for a successful attack. We also explore a Markov-based method to estimate the occurrence probability of security risks for systems subject to the sequential attacks. The method is demonstrated through a detailed case study where Trojan attacks in the banking application are modeled and analyzed.