Risk analysis has been used to manage the security of systems for several decades. However, its use has been limited to offline risk computation and manual response. In contrast, we use risk computation to drive changes in an operating system's security configuration. This allows risk management to occur in real time and reduces the window of exposure to attack. We posit that it is possible to protect a system by reducing its functionality temporarily when it is under siege. Our goal is to minimize the tension between security and usability by trading them dynamically. Instead of statically configuring a system, we aim to monitor the risk level, using it to drive the tradeoff between security and utility. The advantage of this approach is that it provides users with the maximum possible functionality for any predefined level of risk tolerance.
Risk management can be framed as an exercise in managing the constraints on edge and vertex weights of a tripartite graph, with the partitions corresponding to the threats, vulnerabilities, and assets in the system. If a threat requires a specific permission and affects a particular asset, an edge is added between the threat and the permission that mediates access to the vulnerable resource. Another edge is added between the permission and the asset. The presence of a path from a threat, through a permission check, to an asset contributes an element of risk. Risk can be reduced by denying access to a resource that contains a vulnerability or by activating data protection measures. We analyze some of the problems that form the algorithmic underpinnings of optimal risk management.
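The following is an added illustration of the tripartite model described above; it is example code written for this page, not the authors' implementation. It builds a small constructed threat/permission/asset graph, computes the risk contributed by every threat-to-asset path through a permission check, and then chooses which permissions to leave enabled so that residual risk stays under a tolerance while the utility of the enabled permissions is maximized. Because every path passes through exactly one permission, the selection reduces to a 0/1 knapsack over permissions, solved here by dynamic programming on scaled integer risk; all likelihoods, loss values and utilities are assumed sample figures.

```python
import math

# --- Constructed sample graph (not from the paper) -------------------------
# Threat partition: likelihood that the threat is active in the monitoring window.
THREATS = {"remote_worm": 0.3, "malicious_insider": 0.1, "phishing": 0.2}
# Asset partition: loss (arbitrary units) if the asset is compromised.
ASSETS = {"customer_db": 100, "source_tree": 60, "web_cache": 5}
# Middle partition: permissions guarding vulnerable resources, with the utility
# (benefit to users) of leaving each permission enabled.
PERMISSION_UTILITY = {"net_listen": 8, "db_write": 10, "file_exec": 6, "cache_read": 3}
# Edges threat -> permission (threat needs this permission to act).
THREAT_PERM = {
    ("remote_worm", "net_listen"), ("remote_worm", "file_exec"),
    ("malicious_insider", "db_write"),
    ("phishing", "file_exec"), ("phishing", "cache_read"),
}
# Edges permission -> asset (permission mediates access to this asset).
PERM_ASSET = {
    ("net_listen", "web_cache"), ("db_write", "customer_db"),
    ("file_exec", "source_tree"), ("file_exec", "customer_db"),
    ("cache_read", "web_cache"),
}


def per_permission_risk(threats=THREATS, assets=ASSETS,
                        threat_perm=THREAT_PERM, perm_asset=PERM_ASSET,
                        permissions=PERMISSION_UTILITY):
    """Risk routed through each permission: sum over all threat->perm->asset
    paths of likelihood(threat) * loss(asset)."""
    risk = {p: 0.0 for p in permissions}
    for (t, p) in threat_perm:
        for (q, a) in perm_asset:
            if p == q:  # a complete path t -> p -> a exists
                risk[p] += threats[t] * assets[a]
    return risk


def total_risk(enabled, risk=None):
    """Residual risk of a configuration: only enabled permissions carry paths."""
    risk = risk if risk is not None else per_permission_risk()
    return sum(risk[p] for p in enabled)


def choose_configuration(tolerance, utility=PERMISSION_UTILITY, risk=None, scale=10):
    """Pick the set of permissions to keep enabled that maximizes utility
    subject to residual risk <= tolerance (0/1 knapsack, exact DP).
    Risk is scaled to integers; ceil() so rounding never under-counts risk."""
    risk = risk if risk is not None else per_permission_risk()
    perms = sorted(utility)
    cap = int(math.floor(tolerance * scale))
    weight = [int(math.ceil(risk[p] * scale - 1e-9)) for p in perms]
    n = len(perms)
    best = [[0] * (cap + 1) for _ in range(n + 1)]  # best[i][c]: utility using first i perms
    for i in range(1, n + 1):
        w, u = weight[i - 1], utility[perms[i - 1]]
        for c in range(cap + 1):
            best[i][c] = best[i - 1][c]
            if w <= c and best[i - 1][c - w] + u > best[i][c]:
                best[i][c] = best[i - 1][c - w] + u
    # Backtrack to recover which permissions were kept.
    enabled, c = set(), cap
    for i in range(n, 0, -1):
        if best[i][c] != best[i - 1][c]:
            enabled.add(perms[i - 1])
            c -= weight[i - 1]
    return enabled


def plan_response(tolerance, currently_enabled=frozenset(PERMISSION_UTILITY)):
    """Real-time response step: given the risk the operator tolerates, return the
    permissions to keep, the ones to revoke now, the residual risk and utility."""
    risk = per_permission_risk()
    keep = choose_configuration(tolerance, risk=risk)
    revoke = set(currently_enabled) - keep
    utility = sum(PERMISSION_UTILITY[p] for p in keep)
    return {"keep": keep, "revoke": revoke,
            "residual_risk": total_risk(keep, risk), "utility": utility}


if __name__ == "__main__":
    for tol in (100, 15, 5):
        print(tol, plan_response(tol))
```

Lowering the tolerance drives the revocations: with the sample values, a tolerance of 15 revokes only `file_exec` (the permission on the most paths to high-value assets), while a tolerance of 5 also revokes `db_write`, leaving the two low-risk permissions enabled. Raising the tolerance again restores functionality, which is the dynamic security/utility trade the abstract describes.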