Towards an analytic model of security flaws Chris Tofts, Brian Monahan Trusted Systems Laboratory HP Laboratories Bristol HPL-2004-224 December 10, 2004* E-mail: chris.tofts@hp.com , brian.monahan@hp.com security, models, flaws, branching process, ana lytic A simple model of the dynamics of flaws within a software security system is presented. We demonstrate how this model can be fully captured by a Galton- Watson branching process and thus can be effectively calculated upon. Using the limit behaviour of a Galton- Watson branching process, we can demonstrate how a multi- layered security system can become secure even with 'poor' flaw correction. Finally we make some observations about how the parameters of our models can be estimated and how further results from branching processes could be exploited within security systems. * Internal Accession Date Only Approved for External Publication  Copyright Hewlett-Packard Company 2004