Attack Graphs and Scenario Driven Wireless Computer Network Defense

This chapter describes how to use attack graphs to evaluate the security vulnerabilities of an embedded computer network and provides example cases of this technique. Attack graphs are powerful tools available to system administrators to identify and manage vulnerabilities. Attack graphs describe the steps an adversary could take to reach a desired goal and can be analyzed to quantify risk. The systems investigated in this chapter are embedded systems that span hardware, software, and network communication. The example cases studied will be (1) radio frequency identification (RFID), (2) vehicle networks, and (3) the Smart Grid (the next generation power and distribution network in the USA).

DOI: 10.4018/978-1-4666-0104-8.ch016
