ABSTRACT
The most critical steps in the risk assessment of a system are the discovery of attacks against the system and the computation of both the probabilities that attacks are successful and their impacts. We present a framework to support these steps, driven by a detailed simulation of the attacks implemented by intelligent threat agents. The framework can evaluate the role of factors such as the probability of discovering a vulnerability, the resources available to agents, and how an agent composes attacks into plans to reach a goal. The agents and their plans are described through a suitable extension of attack graphs. A simulation defined in terms of attack graphs can fully exploit an important feature of these graphs, namely their ability to describe both attack plans and the countermeasures that stop these plans. Furthermore, a simulation-driven approach can evaluate how the availability of information about the system implementation influences the success of attack plans. Finally, we describe the tools that implement the simulation and that produce statistics about both the attack plans that have been successfully implemented and the resulting risk for the system owner.
Index Terms
- A simulation-driven approach for assessing risks of complex systems