\usepackage{listings} % Include the listings-package
\usepackage{color}
\usepackage{balance}
@@ -233,7 +236,41 @@ \section{Defining Risk}
attacker directly attempts to brute force a given security mechanism or standard. $p_{ida}$ represents the
probability of an indirect attack, where an indirect attacker is one where a malicious user attempts to circumvent existing security by some aspect that is not directly related to the mentioned security implementation.
%XXX What is the definition of security metric in the equation?
Once risk has been defined in the scope of examination, one can develop an `Estimation Metric' that can be compared and contrasted with each other to determine the `worth' of any given design. However, before these metrics can be developed, one must first determine a framework by which these calculations will be incorporated to allow for a relevant and meaningful interpretation of verification and selection metrics.
Once risk has been defined in the scope of examination, one can develop an `Estimation Metric' that can be compared and contrasted with each other to determine the `worth' of any given design. However, before these metrics can be developed, one must first determine a framework by which these calculations will be incorporated to allow for a relevant and meaningful interpretation of verification and selection metrics.
Since the traditional view of risk does not account for an attacker's motivations, this paper moves to develop an equation that will represent not only risk due to an attacker but also account for the fact that the calculation is reliant upon multiple sources of probability. A graphical estimation of this behavior is shown in Figure~\ref{fig:attackRisk}.
Security risk of an attack can be represented as a combination of the probability of an attack, probability of the attack succeeding, and the impact of the attack.
\begin{equation}\label{equ:attackRisk}
R = p_a * p_s * I
\end{equation}
The probability of success is tied to the level of security implemented in the design, represented by the security metric (SM) value. This alters Equation~\ref{equ:attackRisk} to become:
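Review bot: the last line of this hunk introduces "the security metric (SM) value" without defining it, which is exactly what the `%XXX What is the definition of security metric in the equation?` comment earlier in the same hunk asks; define SM (what it measures, its range, and how it maps onto $p_s$) before Equation~\ref{equ:attackRisk} is altered, and resolve or remove the `%XXX` comment rather than committing it. Two smaller points in the same hunk: the paragraph beginning "Once risk has been defined in the scope of examination" appears twice verbatim, so one copy should be dropped; and in `R = p_a * p_s * I` the `*` renders as a literal asterisk in math mode, so write `R = p_a \cdot p_s \cdot I` (or `R = p_a p_s I`) instead. Finally, the equation's $p_a$ is never related to the $p_{ida}$ (indirect attack) and direct-attack probabilities introduced just above it; a sentence stating how $p_a$ is composed from those terms would close that gap.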