
Assessing the risk of complex ICT systems

Annals of Telecommunications

Abstract

ICT systems are becoming increasingly complex and dynamic. They mostly include a large number of heterogeneous assets that are interconnected both physically and logically, and that may in turn be exposed to multiple security flaws and vulnerabilities. Moreover, dynamicity is becoming paramount in modern ICT systems, since new assets and device configurations may be constantly added, updated, and removed from the system, leading to new security flaws that did not exist at design time. From a risk assessment perspective, this adds new challenges for defenders, as they are required to keep risks within an acceptable range while the system itself may be constantly evolving, sometimes in an unpredictable way. This paper introduces a new risk assessment framework that aims to address these specific challenges and that advances the state of the art along two distinct directions. First, we introduce risk assessment graphs (RAGs), which provide a model and formalism for characterizing the system and the risks it encounters. Nodes in the RAG represent each asset and its associated vulnerability, while edges represent the risk propagation between two adjacent nodes. Risk propagation in the graph is determined through two different metrics, accessibility and potentiality, both formulated as functions of time; they respectively capture the topology of the system and its risk exposure, as well as the way these evolve over time. Second, we introduce a quantitative risk assessment approach that leverages the RAGs to compute all possible attack paths in the system and to infer the risks they induce. Our approach meets both flexibility and generality requirements and applies to a wide range of applications. In this paper, we demonstrate its usage in the context of a software-defined networking (SDN) testbed, and we conduct multiple experiments to evaluate the efficiency and scalability of our solution.
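The RAG idea summarized in the abstract can be sketched as follows; this is an added example, not code from the paper or its authors. The abstract gives no formulas, so the product used for edge propagation, the impact-times-best-path risk, the node names and the numeric values are all assumptions constructed for illustration.

```python
from typing import Callable, Dict, List, Tuple

TimeFn = Callable[[int], float]  # a metric formulated as a function of time

class RAG:
    """Nodes are asset/vulnerability pairs; edges carry the two metrics."""
    def __init__(self) -> None:
        self.edges: Dict[str, Dict[str, Tuple[TimeFn, TimeFn]]] = {}

    def add_edge(self, src: str, dst: str, acc: TimeFn, pot: TimeFn) -> None:
        self.edges.setdefault(src, {})[dst] = (acc, pot)
        self.edges.setdefault(dst, {})

    def propagation(self, src: str, dst: str, t: int) -> float:
        # ASSUMPTION: propagation = accessibility(t) * potentiality(t).
        acc, pot = self.edges[src][dst]
        return acc(t) * pot(t)

    def attack_paths(self, entry: str, target: str, t: int) -> List[Tuple[List[str], float]]:
        """All simple entry->target paths usable at time t, most likely first."""
        found: List[Tuple[List[str], float]] = []

        def walk(node: str, path: List[str], likelihood: float) -> None:
            if node == target:
                found.append((path, likelihood))
                return
            for nxt in self.edges.get(node, {}):
                w = self.propagation(node, nxt, t)
                if w > 0 and nxt not in path:  # skip closed links and cycles
                    walk(nxt, path + [nxt], likelihood * w)

        walk(entry, [entry], 1.0)
        return sorted(found, key=lambda item: -item[1])

def target_risk(rag: RAG, entry: str, target: str, impact: float, t: int) -> float:
    # ASSUMPTION: risk on the target = impact * likelihood of the best path.
    paths = rag.attack_paths(entry, target, t)
    return impact * paths[0][1] if paths else 0.0

def build_sample() -> RAG:
    """Constructed three-node system; V1..V3 are placeholder vulnerability labels."""
    rag = RAG()
    rag.add_edge("web/V1", "db/V3", lambda t: 1.0, lambda t: 0.2)
    # A configuration change at t=1 makes the controller reachable from web.
    rag.add_edge("web/V1", "ctrl/V2", lambda t: 1.0 if t >= 1 else 0.0, lambda t: 0.5)
    rag.add_edge("ctrl/V2", "db/V3", lambda t: 1.0, lambda t: 0.8)
    rag.add_edge("db/V3", "web/V1", lambda t: 1.0, lambda t: 0.1)  # back edge (cycle)
    return rag

if __name__ == "__main__":
    rag = build_sample()
    for t in (0, 1):
        print(t, rag.attack_paths("web/V1", "db/V3", t), target_risk(rag, "web/V1", "db/V3", 10.0, t))
```

In the sample, the accessibility change at t=1 opens a second, more likely path to the database node, so the assessed risk rises even though no vulnerability was added.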


References

  1. Purdy G (2010) ISO 31000: 2009—setting a new standard for risk management. Risk Anal 30(6):881–886


  2. EBIOS, Central directorate for information systems security, version, http://www.ssi.gouv.fr

  3. Alberts C J, Behrens S G, Pethia R D, Wilson W R (1999) Operationally critical threat, asset, and vulnerability evaluation (OCTAVE) framework. Version 1.0

  4. Mell P, Scarfone K, Romanosky S (2007) A complete guide to the common vulnerability scoring system version 2.0. Published by FIRST-forum of incident response and security teams, 1–23

  5. Sheyner OM (2004) Scenario graphs and attack graphs (Doctoral dissertation, US Air Force Research Laboratory)

  6. Bondy J A, Murty U S R (1976) Graph theory with applications, vol 290. London: Macmillan

  7. West DB (2001) Introduction to graph theory, vol 2. Upper Saddle River: Prentice hall

  8. NIST, National institute of science and technology, http://nvd.nist.gov/download.cfm

  9. Phillips C, Swiler L P (1998) A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 workshop on new security paradigms, pp 71–79

  10. Ou X, Boyer W F, McQueen M A (2006) A scalable approach to attack graph generation. In: Proceedings of the 13th ACM conference on computer and communications security, pp 336–345

  11. Ammann P, Wijesekera D, Kaushik S (2002) Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM conference on computer and communications security, pp 217–224

  12. Huang H, Zhang S, Ou X, Prakash A, Sakallah K (2011) Distilling critical attack graph surface iteratively through minimum-cost sat solving. In: Proceedings of the 27th annual computer security applications conference, pp 31–40

  13. Viduto V, Huang W, Maple C (2011) Toward optimal multi-objective models of network security: survey. In: Automation and computing, ICAC, pp 6–11

  14. Xie P, Li J H, Ou X, Liu P, Levy R (2010) Using Bayesian networks for cyber security analysis. In: IEEE/IFIP international conference on dependable systems and networks, 2010, pp 211–220

  15. Mehta V, Bartzis C, Zhu H, Clarke E, Wing J (2006) Ranking attack graphs. In: Recent advances in intrusion detection, pp 127–144

  16. Kijsanayothin P, Hewett R (2010) Analytical approach to attack graph analysis for network security. In: ARES’10 international conference on availability, reliability, and security, pp 25–32

  17. Wing J M et al. (2008) Scenario graphs applied to network security. In: Information assurance: survivability and security in networked systems, pp 247–277

  18. Homer J, Zhang S, Ou X, Schmidt D, Du Y, Rajagopalan S R, Singhal A (2013) Aggregating vulnerability metrics in enterprise networks using attack graphs. J Comput Secur 21(4):561–597


  19. Lippmann R P, Ingols KW (2005) An annotated review of past papers on attack graphs (No. PR-IA-1). Massachusetts Inst Of Tech Lexington Lincoln Lab

  20. Hong J, Kim D -S (2012) HARMs: hierarchical attack representation models for network security analysis. Security Research Institute, Edith Cowan University, Perth, Western Australia

  21. Wang S, Zhang Z, Kadobayashi Y (2013) Exploring attack graph for cost-benefit security hardening: a probabilistic approach. Comput Secur 32:158–169


  22. Samarji L, Cuppens F, Cuppens-Boulahia N, Kanoun W, Dubus S (2013) Situation calculus and graph based defensive modeling of simultaneous attacks. In: Cyberspace safety and security, pp 132–150

  23. Common vulnerabilities and exposures, CVE, http://cve.mitre.org/

  24. Van Benthem J (2011) Logical dynamics of information and interaction. Cambridge University Press

  25. Noel S, Jajodia S, O’Berry B, Jacobs M (2003) Efficient minimum-cost network hardening via exploit dependency graphs. In: 19th annual computer security applications conference proceedings, pp 86–95

  26. Jakobson G (2011) Mission cyber security situation assessment using impact dependency graphs. In: Proceedings of the 14th international conference on information fusion (FUSION), pp 1–8

  27. Kheir N, Cuppens-Boulahia N, Cuppens F, Debar H (2010) A service dependency model for cost-sensitive intrusion response. In: Computer security–ESORICS, pp 626–642

  28. Shandilya V, Simmons C B, Shiva S (2014) Use of attack graphs in security systems. Journal of Computer Networks and Communications, 2014

  29. Yassine N M, Nancy P, Nizar K, Mahjoub A R, Wary J P (2016) A new risk assessment framework using graph theory for complex ICT systems. In: Proceedings of the 2016 international workshop on managing insider security threats. ACM, pp 97–100

  30. Baras J S, Theodorakopoulos G (2010) Path problems in networks. Synthesis Lectures on Communication Networks 3(1):1–77


  31. Floyd R W (1962) Algorithm 97: shortest path. Commun ACM 5(6):345


  32. Ahmad I, Namal S, Ylianttila M et al. (2015) Security in software defined networks: a survey. IEEE Commun Surv Tutorials 17(4):2317–2346


  33. Common platform enumeration, CPE, https://cpe.mitre.org/

  34. Networkx documentation, https://networkx.github.io/documentation/networkx-1.9.1/

  35. Erdös P, Rényi A (1959) On random graphs, I. Publicationes Mathematicae (Debrecen) 6:290–297


  36. Ben-Tal A, El Ghaoui L, Nemirovski A (2009) Robust optimization. Princeton University Press

  37. Schrijver A (2002) Combinatorial optimization: polyhedra and efficiency, vol 24. Springer Science & Business Media

  38. Dantzig GB (1998) Linear programming and extensions. Princeton University Press

  39. IBM ILOG CPLEX Optimizer, http://www-01.ibm.com/software/commerce/optimization/cplex-optimizer/

  40. Mahjoub A R, Naghmouchi M Y, Perrot N (2017) A bi-level programming model for proactive countermeasure selection in complex ICT systems, INOC. Lisbonne, Portugal


Acknowledgements

We would like to thank the anonymous referees for their valuable comments, which helped to improve the presentation of the paper.

Author information

Corresponding author

Correspondence to M. Yassine Naghmouchi.

Appendices

Appendix A: Table of notations

In Table 2, we describe the different notations used in this paper.

Table 2 Table of notations

Appendix B: Future work

Future work will extend the approach described in this paper by integrating a risk treatment step. A possible illustration of the entire process is provided in Fig. 10. The risk treatment process deals with the following Proactive Countermeasure Selection Problem (PCSP): given the RAGs, the countermeasures and the security policies (thresholds), find an assignment of countermeasures to the asset-vulnerability nodes that both respects the security policies and minimizes the cost of its deployment. The problem may be solved in two steps.

Fig. 10 Complete risk management framework

PCSP problem modeling

A mathematical programming formulation will be given to model the PCSP.

PCSP problem solving

Based on the formulation, efficient optimization algorithms will be developed to solve the problem. The solver Cplex [39] will be used.

A preliminary work related to this problem is published in [40].

About this article

Cite this article

Kheir, N., Mahjoub, A.R., Naghmouchi, M.Y. et al. Assessing the risk of complex ICT systems. Ann. Telecommun. 73, 95–109 (2018). https://doi.org/10.1007/s12243-017-0617-0


  • DOI: https://doi.org/10.1007/s12243-017-0617-0
