Rodríguez, Ricardo J; Chang, Xiaolin; Li, Xiaodan; Trivedi, Kishor S
Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack Proceedings Article
In: Kordy, Barbara; Ekstedt, Mathias; Kim, Seong Dong (Ed.): Proceedings of the 3rd International Workshop on Graphical Models for Security, pp. 134–149, 2016.
Tags: APT, Cyberattacks, Markov chains, Security metrics, Stochastic reward nets, Survivability, Transient analysis
@inproceedings{RCLT-GraMSec-16,
title = {Survivability Analysis of a Computer System under an Advanced Persistent Threat Attack},
author = {Ricardo J Rodríguez and Xiaolin Chang and Xiaodan Li and Kishor S Trivedi},
editor = {Barbara Kordy and Mathias Ekstedt and Seong Dong Kim},
url = {http://webdiis.unizar.es/~ricardo/files/papers/RCLT-GraMSec-16.pdf},
doi = {10.1007/978-3-319-46263-9_9},
year = {2016},
date = {2016-01-01},
booktitle = {Proceedings of the 3rd International Workshop on Graphical Models for Security},
volume = {9987},
pages = {134--149},
abstract = {Computer systems are potentially targeted by cybercriminals by means of specially crafted malicious software called Advanced Persistent Threats (APTs). As a consequence, any security attribute of the computer system may be compromised: disruption of service (availability), unauthorized data modification (integrity), or exfiltration of sensitive data (confidentiality). An APT starts with the exploitation of software vulnerability within the system. Thus, vulnerability mitigation strategies must be designed and deployed in a timely manner to reduce the window of exposure of vulnerable systems. In this paper, we evaluate the survivability of a computer system under an APT attack using a Markov model. Generation and solution of the Markov model are facilitated by means of a high-level formalism based on stochastic Petri nets. Survivability metrics are defined to quantify security attributes of the system from the public announcement of a software vulnerability and during the system recovery. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security attributes but also provide insights on the cost/revenue trade-offs of investment efforts in system recovery such as vulnerability mitigation strategies. Sensitivity analysis through numerical experiments is carried out to study the impact of key parameters on system secure survivability.},
keywords = {APT, Cyberattacks, Markov chains, Security metrics, Stochastic reward nets, Survivability, Transient analysis},
pubstate = {published},
tppubtype = {inproceedings}
}