Ensuring System Resilience at Design Time: A User and Attacker Oriented Approach

Presented as part of the 2012 HCSS conference.


In order to "build-in" security, one must have a design methodology that allows one to make design choices that account for the "amount" of security a particular design approach provides. Quantifying security at design time is a significant research challenge. Traditional cyber security modeling approaches either do not explicitly consider system participants or assume a fixed set of participant behaviors that are independent of the system. Increasingly, accumulated cyber security data indicate that system participants can play an important role in the creation or elimination of cyber security vulnerabilities. Thus, there is a need for cyber security analysis tools that take into account the actions and decisions of human participants as well as attackers. In this talk, we describe steps toward creating a design-time security modeling methodology that provides a structured and quantitative means of analyzing cyber security problems whose outcomes are influenced by human-system interactions as well as attacker actions.


William H. Sanders is a Donald Biggar Willett Professor of Engineering and the Director of the Coordinated Science Laboratory at the University of Illinois at Urbana-Champaign. He is a professor in the Department of Electrical and Computer Engineering and the Department of Computer Science. He was the founding Director of the Information Trust Institute. He is also a Fellow of the IEEE and the ACM, a past Chair of the IEEE Technical Committee on Fault-Tolerant Computing, and past Vice-Chair of the IFIP Working Group 10.4 on Dependable Computing.

Dr. Sanders's research interests include dependability & security evaluation, architecting of reliable & secure systems, stochastic modeling, and performance evaluation of distributed systems, with a focus on critical infrastructures. He has published more than 200 technical papers in those areas. He is currently the Director and PI of the DOE/DHS Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center, which is at the forefront of national efforts to make the U.S. power grid smart and resilient. He is also a member of the NIST Smart Grid Advisory Committee, which advises the NIST Director on the direction of NIST's Smart Grid-related programs and activities.

Dr. Sanders is co-developer of three tools for assessing computer-based systems: METASAN, UltraSAN, and Mobius. Mobius and UltraSAN have been distributed widely to industry and academia; more than 500 licenses for the tools have been issued to universities, companies, and NASA for evaluating the performance, dependability, and security of a variety of systems. He is also a co-developer of the Loki distributed system fault injector, the AQuA/ITUA middlewares for providing dependability/security to distributed and networked applications, and NetAPT (the Network Access Policy Tool), a tool for assessing the security of networked systems.

Dr. Sanders holds a B.S.E. in Computer Engineering (1983), an M.S.E. in Computer, Information, and Control Engineering (1985), and a Ph.D. in Computer Science and Engineering (1988), all from the University of Michigan.

Creative Commons 2.5
