Combining Defense Graphs and Enterprise Architecture Models for Security Analysis

Security depends on a mixture of interrelated concepts such as technical countermeasures, organizational policies, security procedures, and more. To facilitate rational decision making, these concepts need to be combined into an overall judgment on the current security posture, as well as potential future ones. Decision makers are, however, faced with uncertainty regarding both which countermeasures are in place and how well different countermeasures contribute to mitigating attacks. This paper presents a security assessment framework that uses extended influence diagrams, a formalism based on Bayesian statistics, to combine attack graphs with countermeasures into defense graphs. The approach makes it possible to calculate the probability that attacks succeed based on an enterprise architecture model. The framework also takes the uncertainties of the security assessment into consideration. Moreover, using the extended influence diagram formalism, the expected loss from each attack can be calculated.
