Assessing the risk of complex ICT systems

ICT systems are becoming increasingly complex and dynamic. They typically include a large number of heterogeneous assets that are interconnected both physically and logically, and that may in turn be exposed to multiple security flaws and vulnerabilities. Moreover, dynamicity is becoming paramount in modern ICT systems, since assets and device configurations may be constantly added, updated, and removed, leading to new security flaws that did not exist at design time. From a risk assessment perspective, this poses new challenges for defenders, who are required to keep risks within an acceptable range while the system itself may be constantly evolving, sometimes in an unpredictable way. This paper introduces a new risk assessment framework that aims to address these specific challenges and that advances the state of the art along two distinct directions. First, we introduce risk assessment graphs (RAGs), a model and formalism for characterizing the system and the risks it encounters. Each node in a RAG represents an asset and its associated vulnerability, while each edge represents the risk propagation between two adjacent nodes. Risk propagation in the graph is determined through two metrics, accessibility and potentiality, both formulated as functions of time; they respectively capture the topology of the system and its risk exposure, as well as the way these evolve over time. Second, we introduce a quantitative risk assessment approach that leverages RAGs to compute all possible attack paths in the system and to infer the risks they induce. Our approach meets both flexibility and generality requirements and applies to a wide range of applications. In this paper, we demonstrate its use in the context of a software-defined networking (SDN) testbed, and we conduct multiple experiments to evaluate the efficiency and scalability of our solution.
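The RAG idea described above, as an added Python sketch that is not the paper's code: nodes are (asset, vulnerability) pairs, each edge carries time-dependent accessibility and potentiality, and all attack paths are enumerated and scored at a given time. The abstract gives no formulas, so edge propagation as accessibility × potentiality, path risk as the product of edge propagations times an impact score, and every node name and value are assumptions constructed for illustration.

```python
from math import prod

# Constructed RAG. Each node is an (asset, vulnerability) pair; the
# vulnerability labels are placeholders, not real identifiers.
WEB, APP = ("web", "vuln-A"), ("app", "vuln-B")
CTRL, DB = ("ctrl", "vuln-C"), ("db", "vuln-D")
IMPACT = {DB: 10.0}  # assumed impact score of the target node

# Edge -> (accessibility(t), potentiality(t)), both in [0, 1].
# Accessibility models topology (a flow rule blocks web->ctrl from t=2);
# potentiality models exposure (it rises on app->db from t=3).
EDGES = {
    (WEB, APP): (lambda t: 1.0, lambda t: 0.8),
    (WEB, CTRL): (lambda t: 1.0 if t < 2 else 0.0, lambda t: 0.5),
    (APP, DB): (lambda t: 1.0, lambda t: 0.5 if t < 3 else 0.9),
    (CTRL, DB): (lambda t: 1.0, lambda t: 0.6),
}

def propagation(edge, t):
    """Assumed edge weight: accessibility(t) * potentiality(t)."""
    acc, pot = EDGES[edge]
    return acc(t) * pot(t)

def attack_paths(src, dst, t, path=()):
    """Yield every simple path src -> dst whose edges propagate risk at time t."""
    path = path + (src,)
    if src == dst:
        yield path
        return
    for (u, v) in EDGES:
        if u == src and v not in path and propagation((u, v), t) > 0:
            yield from attack_paths(v, dst, t, path)

def path_risk(path, t):
    """Assumed path risk: product of edge propagations times target impact."""
    return prod(propagation(e, t) for e in zip(path, path[1:])) * IMPACT[path[-1]]

def assess(src, dst, t):
    """Return (risk, [assets on path]) for all attack paths, highest risk first."""
    scored = [(round(path_risk(p, t), 3), [a for a, _ in p])
              for p in attack_paths(src, dst, t)]
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    for t in (0, 2, 3):
        print(t, assess(WEB, DB, t))
```

Re-running `assess` at successive times shows how a topology change removes a path while an exposure change raises the risk of the one that remains.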
