research-article

Cyber Resilience-by-Construction: Modeling, Measuring & Verifying

Authors:

Yasir Imtiaz Khan,

Usman RaufAuthors Info & Claims

SafeConfig '15: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense

Pages 9 - 14

https://doi.org/10.1145/2809826.2809836

Published: 12 October 2015 Publication History

Abstract

The need of cyber security is increasing as cyber attacks are escalating day by day. Cyber attacks are now so many and sophisticated that many will unavoidably get through. Therefore, there is an immense need to employ resilient architectures to defend known or unknown threats. Engineer- ing resilient system/infrastructure is a challenging task, that implies how to measure the resilience and how to obtain sufficient resilience necessary to maintain its service delivery under diverse situations. This paper has two fold objective, the first is to propose a formal approach to measure cyber resilience from different aspects (i.e., attacks, failures) and at different levels (i.e., pro-active, resistive and reactive). To achieve the first objective, we propose a formal frame- work named as: Cyber Resilience Engineering Framework (CREF). The second objective is to build a resilient system by construction. The idea is to build a formal model of a cyber system, which is initially not resilient with respect to attacks. Then by systematic refinements of the formal model and by its model checking, we attain resiliency. We exemplify our technique through the case study of simple cyber security device (i.e., network firewall).

References

[1]

Al-Shaer, E., Duan, Q., and Jafarian, J. Random host mutation for moving target defense. In Security and Privacy in Communication Networks, A. Keromytis and R. Di Pietro, Eds., vol. 106 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Springer Berlin Heidelberg, 2013, pp. 310--327.

[2]

Alsaleh, M., Al-Haj, S., and Al-Shaer, E. Objective metrics for firewall security: A holistic view. In Communications and Network Security (CNS), 2013 IEEE Conference on (Oct 2013), pp. 470--477.

[3]

Cholda, P., Tapolcai, J., Cinkler, T., Wajda, K., and Jajszczyk, A. Quality of resilience as a network reliability characterization tool. Network, IEEE 23, 2 (March 2009), 11--19.

Digital Library

[4]

claude Laprie, J. From dependability to resilience. In 38th IEEE/IFIP Int. Conf. On Dependable Systems and Networks (2008).

[5]

Duan, Q., Al-Shaer, E., and Jafarian, H. Efficient random route mutation considering flow and network constraints. In Communications and Network Security (CNS), 2013 IEEE Conference on (Oct 2013), pp. 260--268.

[6]

Funk, C., and Garnaeva, M. Kaspersky security bulletin. the overall statistics for 2013. available online: http://securelist.com/analysis/kaspersky-security-bulletin/58265/ (accessed on 16 december 2014). Tech. rep.

[7]

Gostev, A. Security bulletin: Statistics 2008, available online: http://securelist.com/analysis/kaspersky-security-bulletin/36241/ (accessed on 16 december 2014). Tech. rep.

[8]

Guelfi, N. A formal framework for dependability and resilience from a software engineering perspective. Central European Journal of Computer Science 1, 3 (2011), 294--328.

[9]

Imtiaz Khan, Y., and Risoldi, M. Language enrichment for resilient mde. In Software Engineering for Resilient Systems, P. Avgeriou, Ed., vol. 7527 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2012, pp. 76--90.

Digital Library

[10]

Jafarian, J. H., Al-Shaer, E., and Duan, Q. Open flow random host mutation: transparent moving target defense using software defined networking. In Proceedings of the first workshop on Hot topics in software defined networks (2012), ACM, pp. 127--132.

Digital Library

[11]

Kang, M. S., Lee, S. B., and Gligor, V. The crossfire attack. In Security and Privacy (SP), 2013 IEEE Symposium on (May 2013), pp. 127--141.

Digital Library

[12]

Khalil, Y., and Elmaghraby, A. Computer networks resilience challenges: Routing protocols. In Signal Processing and Information Technology (ISSPIT), 2010 IEEE International Symposium on (Dec 2010), pp. 28--33.

Digital Library

[13]

Khan, Y. I., and Risoldi, M. Optimizing algebraic petri net model checking by slicing. International Workshop on Modeling and Business Environments (ModBEaAZ13, associated with Petri NetsaAZ13) (2013).

[14]

Liang, M., Dongxia, W., and Qing, M. A quantitative survivability test method in the large scale network based on sd. In Information and Network Security (ICINS 2013), 2013 International Conference on (Nov 2013), pp. 1--6.

[15]

Najjar, W., and Gaudiot, J.-L. Network resilience: a measure of network fault tolerance. Computers, IEEE Transactions on 39, 2 (Feb 1990), 174--181.

Digital Library

[16]

Petri, C. A. Kommunikation mit Automaten. Dissertation, Schriften des IIM 2, Rheinisch-Westfalisches Institut fur Instrumentelle Mathematik an der Universitat Bonn, Bonn, 1962.

[17]

Reisig, W. Petri nets and algebraic specifications. Theor. Comput. Sci. 80, 1 (1991), 1--34.

Digital Library

[18]

Rosenkrantz, D., Goel, S., Ravi, S., and Gangolly, J. Resilience metrics for service-oriented networks: A service allocation approach. Services Computing, IEEE Transactions on 2, 3 (July 2009), 183--196.

Digital Library

[19]

Sousa, P., Neves, N., and Verissimo, P. How resilient are distributed of fault/intrusion-tolerant systems? In Dependable Systems and Networks, 2005. DSN 2005. Proceedings. International Conference on (June 2005), pp. 98--107.

Digital Library

[20]

Trivedi, K., Kim, D. S., and Ghosh, R. Resilience in computer systems and networks. In Computer-Aided Design - Digest of Technical Papers, 2009. ICCAD 2009. IEEE/ACM International Conference on (Nov 2009), pp. 74--77.

Digital Library

[21]

Xing, F., and Wang, W. Analyzing resilience to node misbehaviors in wireless multi-hop networks. In Wireless Communications and Networking Conference, 2007.WCNC 2007. IEEE (March 2007), pp. 3489--3494.

Digital Library

Cited By

Kaushik M(2024)Cybersecurity Management: Developing Robust Strategies for Protecting Corporate Information SystemsInternational Journal for Global Academic & Scientific Research10.55938/ijgasr.v3i2.753:2(24-35)Online publication date: 2-Jul-2024
https://doi.org/10.55938/ijgasr.v3i2.75
Alhidaifi SAsghar MAnsari I(2024)A Survey on Cyber Resilience: Key Strategies, Research Challenges, and Future DirectionsACM Computing Surveys10.1145/364921856:8(1-48)Online publication date: 26-Apr-2024
https://doi.org/10.1145/3649218
Tzavara VVassiliadis S(2024)Tracing the evolution of cyber resilience: a historical and conceptual reviewInternational Journal of Information Security10.1007/s10207-023-00811-x23:3(1695-1719)Online publication date: 1-Feb-2024
https://doi.org/10.1007/s10207-023-00811-x
Show More Cited By

Index Terms

Cyber Resilience-by-Construction: Modeling, Measuring & Verifying
1. Information systems

Recommendations

A Survey on Cyber Resilience: Key Strategies, Research Challenges, and Future Directions
Cyber resilience has become a major concern for both academia and industry due to the increasing number of data breaches caused by the expanding attack surface of existing IT infrastructure. Cyber resilience refers to an organisation’s ability to prepare ...
SMART Citizen Cyber Resilience (SC2R) Ontology
SIN 2020: 13th International Conference on Security of Information and Networks

Adverse cyber incidents are some of the top risks currently facing the global community. Cybersecurity frameworks and models formulated to mitigate these risks are typically framed from the organizational perspective of governments and the private ...
Towards a Cyber Resilience Quantification Framework (CRQF) for IT infrastructure
Abstract
Cyber resilience quantification is the process of evaluating and measuring an organisation’s ability to withstand, adapt to, and recover from cyber-attacks. It involves estimating IT systems, networks, and response strategies to ensure robust ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SafeConfig '15: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense

October 2015

112 pages

ISBN:9781450338219

DOI:10.1145/2809826

Program Chairs:
Ehab Al-Shaer
University of North Carolina at Charlotte, USA
,
Christopher Oehmen
Pacific Northwest National Laboratory, USA
,
Mohammad Ashiqur Rahman
Tennessee Tech University, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'15

Sponsor:

SIGSAC

CCS'15: The 22nd ACM Conference on Computer and Communications Security

October 12, 2015

Colorado, Denver, USA

Acceptance Rates

SafeConfig '15 Paper Acceptance Rate 8 of 27 submissions, 30%;

Overall Acceptance Rate 22 of 61 submissions, 36%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
444
Total Downloads

Downloads (Last 12 months)33
Downloads (Last 6 weeks)5

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kaushik M(2024)Cybersecurity Management: Developing Robust Strategies for Protecting Corporate Information SystemsInternational Journal for Global Academic & Scientific Research10.55938/ijgasr.v3i2.753:2(24-35)Online publication date: 2-Jul-2024
https://doi.org/10.55938/ijgasr.v3i2.75
Alhidaifi SAsghar MAnsari I(2024)A Survey on Cyber Resilience: Key Strategies, Research Challenges, and Future DirectionsACM Computing Surveys10.1145/364921856:8(1-48)Online publication date: 26-Apr-2024
https://doi.org/10.1145/3649218
Tzavara VVassiliadis S(2024)Tracing the evolution of cyber resilience: a historical and conceptual reviewInternational Journal of Information Security10.1007/s10207-023-00811-x23:3(1695-1719)Online publication date: 1-Feb-2024
https://doi.org/10.1007/s10207-023-00811-x
Zheng JOkamura HDohi T(2023)Pull-Type Security Patch Management in Intrusion Tolerant Systems: Modeling and AnalysisMaintenance Management - Current Challenges, New Developments, and Future Directions10.5772/intechopen.105766Online publication date: 5-Apr-2023
https://doi.org/10.5772/intechopen.105766
Safitra MLubis MFakhrurroja H(2023)Counterattacking Cyber Threats: A Framework for the Future of CybersecuritySustainability10.3390/su15181336915:18(13369)Online publication date: 6-Sep-2023
https://doi.org/10.3390/su151813369
Mayfield KPetty MWhitaker TBland JCantrell WLo DKim DGamess E(2019)Component-based Implementation of Cyberattack Simulation ModelsProceedings of the 2019 ACM Southeast Conference10.1145/3299815.3314435(64-71)Online publication date: 18-Apr-2019
https://dl.acm.org/doi/10.1145/3299815.3314435
Rohmeyer PBen-Zvi TLombardi DMaltz A(2017)Capability Effectiveness Testing for Architectural Resiliency in Financial Systems2017 Portland International Conference on Management of Engineering and Technology (PICMET)10.23919/PICMET.2017.8125456(1-7)Online publication date: Jul-2017
https://doi.org/10.23919/PICMET.2017.8125456
Mitchell RSery P(2016)Refining the Foundations for Cyber Zone Defense2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)10.1109/NTMS.2016.7792470(1-6)Online publication date: Nov-2016
https://doi.org/10.1109/NTMS.2016.7792470

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten