
Cross-Layer Damage Assessment for Cyber Situational Awareness

  • Chapter

Part of the book series: Advances in Information Security ((ADIS,volume 46))

Abstract

Damage assessment plays a very important role in securing enterprise networks and systems. Good awareness of the effects and impact of cyber attack actions enables security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level of the software system concerned. As a result, existing damage assessment techniques and tools remain very limited in satisfying the needs of comprehensive damage assessment, which should not leave any "blind spots".



Acknowledgements

This work was supported by NSF CNS-0716479, AFOSR MURI: Autonomic Recovery of Enterprise-wide Systems after Attack or Failure with Forward Correction, AFRL award FA8750-08-C-0137, and ARO MURI: Computer-aided Human Centric Cyber Situation Awareness.


Copyright information

© 2010 Springer-Verlag US

About this chapter

Cite this chapter

Liu, P. et al. (2010). Cross-Layer Damage Assessment for Cyber Situational Awareness. In: Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds) Cyber Situational Awareness. Advances in Information Security, vol 46. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-0140-8_8


  • DOI: https://doi.org/10.1007/978-1-4419-0140-8_8

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-0139-2

  • Online ISBN: 978-1-4419-0140-8

  • eBook Packages: Computer Science (R0)
