Optimal security hardening using multi-objective optimization on attack tree models of networks

Dewri, Rinku; Poolsappasit, Nayot; Ray, Indrajit; Whitley, Darrell

doi:10.1145/1315245.1315272

Cited by 130 publications

(90 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Dewri et al [8] formulate security hardening as a multi-objective optimization problem, using a genetic algorithm to search for an optimal solution based on costs of security hardening and potential damage. Homer and Ou [11] demonstrate the effectiveness of using MinCostSAT as a basis for automated network reconfiguration, with numeric cost values being assigned to each configuration setting and reachable privilege in the attack graph.…”

Section: Related Workmentioning

confidence: 99%

“…Much work has already been done in analyzing network configuration data and identifying network vulnerabilities to construct attack graphs [2,6,7,8,14,15,16,19,20,21,29,30,31,32,35,37,40,41,42,44]. Attack graphs illustrate the cumulative effect of attack steps, showing how series of individual steps can potentially enable an attacker to gain privileges deep into the network.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Aggregating vulnerability metrics in enterprise networks using attack graphs

Homer

Zhang

et al. 2013

JCS

View full text Add to dashboard Cite

Quantifying security risk is an important and yet difficult task in enterprise network security management. While metrics exist for individual software vulnerabilities, there is currently no standard way of aggregating such metrics. We present a model that can be used to aggregate vulnerability metrics in an enterprise network, producing quantitative metrics that measure the likelihood breaches can occur within a given network configuration. A clear semantic model for this aggregation is an important first step toward a comprehensive network security metric model. We utilize existing work in attack graphs and apply probabilistic reasoning to produce an aggregation that has clear semantics and sound computation. We ensure that shared dependencies between attack paths have a proportional effect on the final calculation. We correctly reason over cycles, ensuring that privileges are evaluated without any self-referencing effect. We introduce additional modeling artifacts in our probabilistic graphical model to capture and account for hidden correlations among exploit steps. The paper shows that a clear semantic model for aggregation is critical in interpreting the results, calibrating the metric model, and explaining insights gained from empirical evaluation. Our approach has been rigorously evaluated using a number of network models, as well as data from production systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Aggregating vulnerability metrics in enterprise networks using attack graphs

Homer

Zhang

et al. 2013

JCS

View full text Add to dashboard Cite

show abstract

“…The research carried out by [10] describes an Enhanced Attack Tree (EAT) that supports temporal dependencies and sequential threat events that must occur for an attack to be successful. Threat trees have also been extended to provide qualitative [56] and quantitative [6,17,15,9] metrics for risk analysis.…”

Section: Related Researchmentioning

confidence: 99%

Management of security policy configuration using a Semantic Threat Graph approach

Foley

Fitzgerald

2011

JCS

View full text Add to dashboard Cite

Managing the configuration of heterogeneous enterprise security mechanisms is a complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management based approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study based on Network Access Controls demonstrates how threats can be analysed and how automated configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards, including NIST, IETF and PCI-DSS recommendations for firewall configuration.

show abstract

“…Another paradigm is presented in [20]: the use of attack-tree representations to address the network policy enforcement problem. The authors in [20] propose to quantify the damage following an attack and the cost related to the implementation of new security controls; both quantications follow the same cost model. The optimization problem, solved with a genetic algorithm, is to nd a minimum security cost that corresponds to a minimum damage.…”

Section: Open Problems and Limitationsmentioning

confidence: 99%

“…Our approach is dierent from those using attack graph models: we deploy a policy based on a more abstract model than the one dealing with attacker's privileges. Our methodology is placed prior to the attack graph applications and the result of our deployment process could be jointly used with such approaches in [20,30]; our deployment would clearly inuence the attack graph instantiation.…”

Section: Open Problems and Limitationsmentioning

confidence: 99%