THEMIS Threat Evaluation Metamodel for Information Systems is a description logic-based framework to apply state, federal, and international law to reason about the intent of computer network attacks with respect to collateral consequences. Itcan be used by law enforcement agencies and prosecutors to build legally credible arguments, and by network designers to keep their defensive and retaliatory measures within lawful limits. THEMIS automates known quantitative measures of characterizing attacks, weighs their potential impact, and places them in appropriate legal compartments. From the perspective of computer networks, we develop representations and a way to reason about the non-network related consequences of complex attacks from their atomic counterparts. From the perspective of law, we propose the development of interoperable ontologies and rules that represent concepts and restrictions of heterogeneous legal domains. The two perspectives are woven together in THEMIS using description logic to reason about and guide defensive, offensive, and prosecutorial actions.
Economic Analysis of Cyber Attacks
Thomas C. Wingfield - The Potomac Institute for Policy Studies, Arlington, Va. 22203
James B. Michael- Dept. of Computer Science, Naval Postgraduate School, Monterey, Calif. 93943
Duminda Wijesekera - Dept. of Information and Software Engineering, GMU, Fairfax Va. 22030
- C. Farkas, T.C. Wingfield, J.B. Michael, D. Wijesekera, “ THEMIS: Threat Evaluation Metamodel for Information Systems,” Accepted for 2nd Symposium on Intelligence and Security Informatics, 2004