Using Vulnerable Hosts to Assess Cyber Security Risk in Critical Infrastructures

Transcription

1 Workshop on Novel Approaches to Risk and Security Management for Utility Providers and Critical Infrastructures Using Vulnerable Hosts to Assess Cyber Security Risk in Critical Infrastructures Xiaobing He Hermann de Meer University of Passau Chair of Computer Networking and Communication Vienna

2 Contents Motivation Problem description Vulnerability-centric risk model Conclusion and outlook Workshop on Novel Approaches to Risk and Security Management, Vienna 2

3 Motivation (1/2) Data source: Workshop on Novel Approaches to Risk and Security Management, Vienna 3

4 Motivation (2/2) Modern industrial critical infrastructures are Prone to cyber-related vulnerabilities Prone to hard- and software failures (systematic) Interdependent (cascading failures) Cyber attacks on critical infrastructures increase in number and impact Annual losses in the range of billion * Recent attacks targeting critical infrastructures: Dragonfly and Shamoon Operations *ENISA: Cyber Attacks cost over $400 Billion Annually Workshop on Novel Approaches to Risk and Security Management, Vienna 4

5 Problem description Goals Identify and mitigate security incidents Supply security operators with quantitative risk value Problems Vulnerability-based risk analysis Potentially ignored vulnerability evolution Challenging to integrate the strategic importance of hosts Accommodating heterogeneous/interdependent hosts in the same model framework Challenges of understanding vulnerability interdependency Workshop on Novel Approaches to Risk and Security Management, Vienna 5

6 Vulnerability-centric risk model to achieve aforementioned goals Features Strategic importance of hosts is respected Novel risk score metric respecting importance of hosts Network topology and resulting interconnectedness Spreading of incidents can be simulated Probability reasoning Calculation of likelihood of vulnerability exploitation Workshop on Novel Approaches to Risk and Security Management, Vienna 6

7 Model uses vulnerability-centric approach Vulnerability can be discovered by manual look-ups Vulnerability data can be collected by active/passive scanners Success of an attack depends on the degree of vulnerability Workshop on Novel Approaches to Risk and Security Management, Vienna 7

8 Model assumptions Does not account for the time interval of vulnerability exploitation Consider the design and system flaws Intelligent/adaptive behaviors of attackers are not included The influence of different environments on the risk is omitted Workshop on Novel Approaches to Risk and Security Management, Vienna 8

9 Hostvulnerability structure Heap corruption in OpenSSH (H 3, 2) G x = (V, E) represents a graph showing the result of an attack A: V = hosts (H x ) and the obtained privilege level of a given attack A (0, 1, 2) E = Exploitation of a given vulnerability via a logical network connection (H 3, 1) LICQ Buffer Overflow Remote login service local information disclosure (H 1, 1) (H 2, 0) Workshop on Novel Approaches to Risk and Security Management, Vienna 9

10 Hostvulnerability structure CVSS-based Individual Score Assignment Individual exploitation probability E 0 v = f(b, t) Base metrics Temporal metrics LICQ Buffer Overflow CVE Workshop on Novel Approaches to Risk and Security Management, Vienna 10

11 Hostvulnerability structure CVSS-based Individual Score Assignment Vulnerability Dependency CVE (H 3, 2) (H 3, 1) (H 1, 1) (H 2, 0) CVE CVE CVE CVE Workshop on Novel Approaches to Risk and Security Management, Vienna 11

12 Hostvulnerability structure CVSS-based Individual Score Assignment Vulnerability Dependency Exploitability of dependent vulnerability E 0 (v 1 ) = 36% Φ(v 1 ) =? E 0 (v 3 ) = 74% Probability reasoning Account for multiple paths E 0 (v 2 ) = 70% Φ(v 3 ) =? E 0 (v 5 ) = 81% E 0 (v 6 ) = 71% Φ(v 2 ) =? E 0 v 4 = 72% Φ(v 4 ) =? Φ(v 5 ) =? Φ(v 6 ) =? Workshop on Novel Approaches to Risk and Security Management, Vienna 12

13 Qualitative risk M R h = є (D i Φ(v i )) i=1 Where: Є = the strategic importance level of host h [0,1] D i = the estimate of potential damage [ ] after exploiting v i Φ(v i ) = the cumulative exploitability probability [0,1] Workshop on Novel Approaches to Risk and Security Management, Vienna 13

14 Conclusion and outlook A quantitative risk analysis Focuses on system s topology structure and a list of vulnerabilities Uses a probability reasoning algorithm to induce the likelihood of vulnerability exploitation Possible future extensions A supporting tool to automate the analysis Integrate costs of exploiting vulnerabilities to calculate risk Risk analysis for zero-day vulnerabilities Workshop on Novel Approaches to Risk and Security Management, Vienna 14

15 Thank you for listening! Questions? Workshop on Novel Approaches to Risk and Security Management, Vienna 15