Abstract
The sophistication and efficiency of current attacks makes the detection and mitigation process a very difficult task for security analysts. Research in information security has always focused on the effects of a given attack over a particular target and the methodologies to evaluate and select countermeasures accordingly. Multiple attack scenarios are hardly considered concurrently to assess the risk and propose security solutions. This paper proposes a geometrical model that represents the volume of attacks and countermeasures based on a three-dimensional coordinate system (i.e. user, channel, and resource). The CARVER methodology is used to give an appropriate weight to each entity composing the axes in the coordinate system. These weights represent the criticality of the different system entities. As a result, volumes are related to risks, making it possible to determine the magnitude and coverage of each attack and countermeasure within a given system.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agarwal, P., Efrat, A., Ganjugunte, S., Hay, D., Sankararaman, S., Zussman, G.: Network vulnerability to single, multiple and probabilistic physical attacks. In: Military Communications Conference (2010)
Baumhof, A., Shipp, A.: Zeus P2P advancements and MitB attack vectors. Technical report, ThreatMetrix Labs Public Report (2012)
Fan, J., Gierlichs, B., Vercauteren, F.: To infinity and beyond: combined attack on ECC using points of low order. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 143–159. Springer, Heidelberg (2011)
Fisher, D.: Microsoft releases attack surface analizer tool (2012). http://threatpost.com/en_us/blogs/microsoft-releases-attack-surface-analyzer-tool-080612
Granadillo, G.G., Belhaouane, M., Débar, H., Jacob, G.: Rori-based countermeasure selection using the orbac formalism. Int. J. Inf. Secur. 13(1), 63–79 (2014)
Gruschka, N.: Attack surfaces: a taxonomy for attacks on cloud services. In: 3rd International Conference on Cloud Computing. IEEE (2010)
Howard, M.: Mitigate security risks by minimizing the code you expose to untrusted users. MSDN Mag. (2004)
Howard, M., Pincus, J., Wing, J.M.: Measuring relative attack surfaces. In: Lee, D.T., Shieh, S.P., Tygar, J.D. (eds.) Computer Security in the 21st Century, pp. 109–137. Springer, Heidelberg (2005)
Kheir, N., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: A service dependency model for cost-sensitive intrusion response. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 626–642. Springer, Heidelberg (2010)
Kissel, R.: Glossary of key information security terms. National Institute of Standards and Technologies, U.S. Department of Commerce (2011)
Kriegisch, A.: Detecting conficker in your network. Technical report, CERT White Paper (2009)
Li, N., Tripunitara, M.: Security analysis in role-based access control. ACM Trans. Inf. Syst. Secur. 9(4), 391–420 (2006)
Manadhata, P., Wing, J.: An attack surface metric. IEEE Trans. Softw. Eng. 37, 371–386 (2010)
Norman, T.L.: Risk Analysis and Security Countermeasure Selection. CRC Press, Taylor and Francis Group, Boca Raton (2010)
Northcutt, S.: The attack surface problem. In: SANS technology Institute Document (2011)
Petajasoja, S., Kortti, H., Takanen, A., Tirila, J.: IMS threat and attack surface analysis using common vulnerability scoring system. In: 35th IEEE Annual Computer Software and Applications Conference Workshops (2011)
Acknowledgements
The research in this paper has received funding from the Information Technology for European Advancements (ITEA2) within the context of the ADAX Project (Attack Detection and Countermeasure Simulation), and the PANOPTESEC project, as part of the Seventh Framework Programme (FP7) of the European Commission (GA 610416).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Granadillo, G.G., Jacob, G., Debar, H. (2016). Attack Volume Model: Geometrical Approach and Application. In: Lambrinoudakis, C., Gabillon, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2015. Lecture Notes in Computer Science(), vol 9572. Springer, Cham. https://doi.org/10.1007/978-3-319-31811-0_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-31811-0_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31810-3
Online ISBN: 978-3-319-31811-0
eBook Packages: Computer ScienceComputer Science (R0)