Quantitative security analysis of networked computer systems has been an open problem in computer security for decades. Recently, a promising approach was proposed in Li et al., which, however, made some strong assumptions including the exponential distribution of, and the independence among, the relevant random variables. In this paper, we substantially weaken these assumptions while offering, in addition to the same types of analytical results as in Li et al., methods for obtaining the desired security quantities in practice. Moreover, we investigate the problem from a higher-level abstraction, which also leads to both analytical results and practical methods for obtaining the desired security quantities. These should represent a significant step toward ultimately solving the problem of quantitative security analysis of networked computer systems.
"An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems." Internet Math. 8 (3) 288 - 320, 2012.