Network Attack Surface: Lifting the Concept of Attack Surface to the Network Level for Evaluating Networks’ Resilience Against Zero-Day Attacks

The concept of attack surface has seen many applications in various domains, e.g., software security, cloud security, mobile device security, Moving Target Defense (MTD), etc. However, in contrast to the original attack surface metric, which is formally and quantitatively defined for a software system, most of its applications at higher abstraction levels, such as the network level, are limited to an intuitive and qualitative notion, losing the modeling power of the original concept. In this paper, we lift the attack surface concept to the network level as a formal security metric for evaluating the resilience of networks against zero-day attacks. Specifically, we first develop novel models for aggregating the attack surface of different network resources. We then design heuristic algorithms to estimate the network attack surface while reducing the effort spent on calculating the attack surface of individual resources. Finally, the proposed methods are evaluated through experiments.
