Abstract: Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-oriented tool called ICMAP. ICMAP enables an analyst without any theoretical background to apply CAGs to answer securit…
“…Butts extends the Schematic Protection Model to produce the first comprehensive security model capable of analyzing the safety of a system against the insider threat [13]. Ha et al. demonstrate the feasibility of applying capability acquisition graphs to insider threat analysis [14]. Ali et al. present an Agent-based User-Profiling model that monitors the behavior of the authorized users in an organization to avoid risk [15].…”
“…It means that the credential for a host h1 gives the attacker access to host h2 as well, if these two hosts trust each other. Therefore, the real-life situation that my password gives someone … Ha, Chinchani et al. [12,7] propose a type of graph which allows not only the modelling but also the simulation of an attacker searching through the graph. Nodes are associated with tokens and edges associated with minimum and maximum costs.…”
Attackers take advantage of any security breach to penetrate an organisation's perimeter and exploit hosts as stepping stones to reach valuable assets deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host that allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, the network domain has further dynamic aspects: attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the rules of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable hosts or from the exploitation of non-vulnerable hosts through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.
“…Chinchani et al. [38,87], from Buffalo University, proposed a target-centric approach which allows not only the modelling but also the simulation of an attacker searching through the graph. Nodes are associated with tokens, e.g.…”
Section: Optimization Perspective of Attack Graphs
“…We neglect this aspect because, in our view, it is attacker-specific and difficult to generalize. Other researchers [87], mentioned in Section 2.2.3.4 on page 34, rely on complicated schemes to assign cost based on several attributes of vulnerabilities, attackers and attacks. Again, they do not scale, are stakeholder-specific and subjective.…”