Multi-Objective Decision Support for Efficent Information Security Safeguard Selection (Moses3)

Project abstract

In the face of growing threats and challenged by the complex nature of information security problems, decision makers struggle to identify the best means to achieve an appropriate level of security. Consequently, they tend to base investment decisions primarily on immediate and isolated short-term needs. This reactive ad-hoc approach to information security typically leads to an inefficient allocation of scarce resources.

Moses3 tackles this highly relevant and theoretically challenging problem and aims to support decision makers in strategically selecting an appropriate set of information security controls (e.g., virus scanners, firewalls, encryption, intrusion detection, two-factor authentication, access control systems, security policies, security awareness trainings etc.). To this end, the project develops a quantitative method that supports decision makers in striking a balance between monetary and non-monetary risk, cost, and benefit objectives.

Our approach rests upon a comprehensive evaluation and optimization of the total effectiveness of all implemented controls rather than on an assessment of individual information security investment opportunities. The developed methodology explicitly accounts for the particular characteristics of the organization as well as the threat sources it faces. To this end, we model attackers as goal-oriented agents and rely on heavyweight ontologies to represent rich security knowledge. We harness that knowledge through novel techniques to infer possible routes of attacks and generate individual attack trees based on attackers’ motivation, objectives, capabilities, resources and available entry points.

Results of the project will facilitate better information security decision-making. To achieve this objective, we follow an interdisciplinary research approach that draws on multiple disciplines including Information Security, Computer Science, Management, and Operations Research.

Research problem

Moses3 tackles the highly relevant and theoretically challenging problem of strategically selecting an appropriate set of information security safeguards while considering that optimal investment in security is dependent upon:
  1. characteristics of the system and assets to be protected
  2. the "threat model" (including threat agent characteristics)
  3. available resources
  4. decision-makers' risk preferences


  • Security investments require trade-offs between monetary and non-monetary risk, cost, and benefit objectives
  • A system's overall security depends on the combined effect of all implemented safeguards; this effect is generally not cumulative
  • Actions of malicious and goal-driven threat agents do not follow particular statistical patterns
  • Threat agents differ in their motivation, objectives, resources, risk tolerance, points of entry etc.
  • How best to defend a system is inherently linked to the question "against whom"?

Solution approach

Moses3 combines
  1. Ontological modeling of security knowledge
  2. Dynamic attack tree and attack graph generation techniques
  3. Attack simulation based on probabilistic model of threat agent behavior
  4. Meta-heuristic identification of efficient safeguard portfolios
  5. Interactive decision support to balance multiple objectives