Speaker: Dr. Qisi Liu, Ph.D.
Date: October 1, 2021 | 3:00p.m.
Location:
Abstract: With advances and globalization of information technology such as big data and cloud computing, topics about potential risks with security vulnerabilities have been brought to the forefront. Considerable efforts have been made to estimate security risk with an unlimited cycle of disclosed vulnerabilities in the form of threats or attacks and managements to migrate these risks. On the other hand, reliability is often considered as one of the most vital factors that affect functioning of critical computing systems. Existing works on risk analysis have mostly focused on either security or reliability, but not both. In addition, the existing approaches for quantifying risks are mostly based on simple multiplications of frequencies and quantitative consequences of hazard occurrence without considering dependencies among the hazards. In this dissertation research, an integrated framework is explored for simultaneously and systematically modeling and quantifying both reliability and security risk of modern technological systems. Under the framework, causes and effects of different risks are investigated. Analytical methods integrating Markov chains and decision diagrams are developed and demonstrated through a case study on the reliability and security risk occurrence probability analysis of a cloud RAID storage system under attacks. In addition, sequential attacks involving multiple sequence-dependent hazardous actions for a successful attack are modeled and demonstrated through a case study on banking applications subject to Trojan attacks. In the future, methods including (but not limited to) semi-Markov processes and multiple integrals will be investigated for considering arbitrary types of distributions in the risk analysis. More dependent and dynamic reliability and security behaviors will be modeled for probabilistic risk assessment of modern complex systems.
About the Speaker
Qisi Liu received her Ph.D. degree in Electrical & Computer Engineering with the Computer Engineering option from the University of Massachusetts Dartmouth in January 2021. Her research interest includes probabilistic reliability and security risk assessment.