Electrotechnical Analogs in Estimation of Information Safety Risks

BULDYZHOV V. I.

ABSTRACT

A further development of the attack resistance estimation method is proposed, aimed at quantitative estimation of the risk level of unknown vulnerabilities and at developing a process for managing such risks.

KEYWORDS

risk management, zero-day vulnerabilities, attack resistance.


Full text: PDF (in Russian)