A formal approach for network security management based on qualitative risk analysis

Risk analysis is an important process for enforcing and strengthening efficient and effective security. Due to the significant growth of the Internet, application services, and associated security attacks, information professionals face challenges in assessing the risk of their networks. The assessment of risk may vary with the enterprise's requirements. Hence, a generic risk analysis technique is suitable. Moreover, configuring a network with a correct security policy is a difficult problem. The assessment of risk aids in realizing the necessary security policy. Risk is a function of security threat and impact. Security threats depend on traffic reachability. Security devices like firewalls are used to selectively allow or deny traffic. However, the connection between the network risk and the security policy is not easy to establish. A small modification in the network topology or in the security policy can change the risk significantly. It is hard to manually follow a systematic process for configuring the network for security hardening. Hence, automatic generation of proper security controls, e.g., firewall rules and host placements in the network topology, is crucial to keep the overall security risk low. In this paper, we first present a declarative model for qualitative risk analysis. We consider transitive reachability, i.e., reachability through one or more intermediate hosts, in order to compute the exposure of vulnerabilities. Next, we formalize our risk analysis model and the security requirements as a constraint satisfaction problem using satisfiability modulo theories (SMT). A solution to the problem synthesizes the necessary firewall policies and host placements. We also evaluate the scalability of the proposed risk analysis technique as well as the synthesis model.
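
As an added illustration (not the authors' model or code), the following Python sketch puts the abstract's ingredients together: transitive reachability over firewall allow rules, a qualitative threat-by-impact risk matrix, and a brute-force search that stands in for the paper's SMT synthesis of which rules to drop. The topology, rules, vulnerability ratings and the risk matrix are all constructed for the example.

```python
from collections import deque
from itertools import combinations
# Constructed network (not from the paper): allow rules as (src, dst, service); "internet" is untrusted.
RULES = (
    ("internet", "web", "http"),
    ("web", "app", "rpc"),
    ("app", "db", "sql"),
    ("internet", "vpn", "ipsec"),
    ("vpn", "db", "sql"),
)
# Constructed vulnerability inventory: host -> (vulnerable service, impact rating).
VULNS = {"web": ("http", "low"), "app": ("rpc", "medium"), "db": ("sql", "high")}
LEVEL = {"low": 0, "medium": 1, "high": 2}

def reachable_from(rules, origin):
    """Transitive reachability: every host the origin reaches over one or more allowed flows."""
    seen, queue = set(), deque([origin])
    while queue:
        cur = queue.popleft()
        for src, dst, _ in rules:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def threat(rules, host, service):
    """Threat: high if the internet reaches the service directly, medium only via intermediate hosts, else low."""
    if ("internet", host, service) in rules:
        return "high"
    hops = reachable_from(rules, "internet")
    if any(s in hops and d == host and svc == service for s, d, svc in rules):
        return "medium"
    return "low"

def risk(threat_level, impact):
    """Risk as a function of threat and impact; this 3x3 qualitative matrix is a constructed one."""
    score = LEVEL[threat_level] + LEVEL[impact]
    return "low" if score <= 1 else "medium" if score == 2 else "high"

def risk_profile(rules):
    return {h: risk(threat(rules, h, svc), imp) for h, (svc, imp) in VULNS.items()}

def synthesize(rules, ceiling="medium"):
    """Brute-force stand-in for the paper's SMT synthesis: fewest rules to drop so no risk exceeds ceiling."""
    for k in range(len(rules) + 1):
        for drop in combinations(rules, k):
            kept = [r for r in rules if r not in drop]
            if all(LEVEL[v] <= LEVEL[ceiling] for v in risk_profile(kept).values()):
                return set(drop)
    return None
```

With the constructed rules, the database host carries high risk although the internet never reaches it directly, because the exposure is transitive through the app and VPN hosts; the search then finds the smallest rule set whose removal brings every host to medium or below.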
