Network security (Part II): Can we do a better job? "



Similar documents
A Graph theoretical approach to Network Vulnerability Analysis and Countermeasures

Attack graph analysis using parallel algorithm

A Review on Zero Day Attack Safety Using Different Scenarios

ON ATTACK GRAPH MODEL OF NETWORK SECURITY. Hasmik Sahakyan, Daryoush Alipour

VEA-bility Security Metric: A Network Security Analysis Tool

Attack Graph Techniques

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Inspection of Vulnerabilities through Attack Graphs and Analyzing Security Metrics Used For Measuring Security in A Network.

Software Vulnerability Assessment

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

1 Scope of Assessment

Advances in Topological Vulnerability Analysis

Network Security and Risk Analysis Using Attack Graphs

Enterprise Software Management Systems by Using Security Metrics

Vulnerability Assessment Report Format Data Model

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement Exit Conference...

VEA-bility Analysis of Network Diversification

Using AI Techniques to improve Pentesting Automation

Institut Teknologi Bandung, Jl. Ganesha 10 Bandung 40553, Indonesia

Structuring a Vulnerability Description for Comprehensive Single System Security Analysis

Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming

CDM Vulnerability Management (VUL) Capability

FIREWALL POLICY November 2006 TNS POL - 008

ISSN : Asian Journal of Engineering and Technology Innovation 02 (05) 2014 (05-09) QR Code for Mobile users

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Quantitative Security Risk Analysis of Enterprise Systems: Techniques and Challenges Tutorial ICISS, December 2014

NIST Interagency Report 7788 Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Modelling and Analysing Network Security Policies in a Given Vulnerability Setting

Metrics Suite for Enterprise-Level Attack Graph Analysis

Using Vulnerable Hosts to Assess Cyber Security Risk in Critical Infrastructures

CDM Hardware Asset Management (HWAM) Capability

VULNERABILITY SCANNERS: A PROACTIVE APPROACH TO ASSESS WEB APPLICATION SECURITY

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Computer Networks & Computer Security

Risk Analytics for Cyber Security

Cisco Advanced Services for Network Security

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Virtual Terrain: A Security-Based Representation of a Computer Network

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

CSE331: Introduction to Networks and Security. Lecture 18 Fall 2006

strategic white paper

A Novel Approach on Zero Day Attack Safety Using Different Scenarios

IBM Managed Security Services Vulnerability Scanning:

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

Critical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn

How To Test Performance Of A Network Attack Graph On A Network

Statistical Analysis of Computer Network Security. Goran Kap and Dana Ali

Hackers: Detection and Prevention

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

SNI Vulnerability Assessment Report

Security Optimization of Dynamic Networks with Probabilistic Graph Modeling and Linear Programming

Internet Firewall Vulnerability Analysis Method

End-user Security Analytics Strengthens Protection with ArcSight

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Network and Host-based Vulnerability Assessment

Payment Card Industry (PCI) Executive Report 08/04/2014

Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015

Web Plus Security Features and Recommendations

What a Vulnerability Assessment Scanner Can t Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options

Measuring the Overall Security of Network Configurations Using Attack Graphs

Cisco IPS Tuning Overview

Directory and File Transfer Services. Chapter 7


This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

How To Analyze And Detect A Network Attack Through A Network Graph

GFI White Paper PCI-DSS compliance and GFI Software products

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Understanding Security Testing

Commissioners Irving A. Williamson, Chairman Daniel R. Pearson Shara L. Aranoff Dean A. Pinkert David S. Johanson Meredith M.

Self-Defending Approach of a Network

Penetration Testing. Presented by

Evaluation Report. Office of Inspector General

Introduction to Laboratory Assignment 3 Vulnerability scanning with OpenVAS

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

Attack Graph based Evaluation of Network Security

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

Penetration Testing Report Client: Business Solutions June 15 th 2015

Five Steps to Improve Internal Network Security. Chattanooga ISSA

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Detection and mitigation of Web Services Attacks using Markov Model

Basics of Internet Security

Payment Card Industry (PCI) Executive Report 10/27/2015

Building A Secure Microsoft Exchange Continuity Appliance

Cyberspace Forensics Readiness and Security Awareness Model

Vulnerability Scan. January 6, 2015

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

EVALUATION OF TOOLS FOR CYBER SECURITY

EXPLORING VULNERABILITIES IN NETWORKED TELEMETRY

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise

Network Security Administrator

Penetration Testing Service. By Comsec Information Security Consulting

Running head: USING NESSUS AND NMAP TOOLS 1

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

CRYPTUS DIPLOMA IN IT SECURITY

Transcription:

Network security (Part II): Can we do a better job? Rattikorn Hewett Outline State of the practices Drawbacks and Issues A proposed alternative NSF SFS Workshop August 14-18, 2014 2 Computer Network Computer Network How can I secure this network? Network Administrator 3 4 1

State of the practices State of the practices 1) Admission Control 2) Data Control Encryption Verifying the identification of authorized users Encryption/Decryption of data to be transmitted 5 6 State of the practices State of the practices 3) Infection Control 4) Security Policy ftp http SMTP Virus protection, virus removal, and infection containment Firewall policy to protect unauthorized requests from outside the network 7 8 2

State of the practices State of the practices Common IT Security Setup Where is the weakness of this network to hack into? Where is the weakness of this network to hack into? Encryption Encryption Attacker Attacker Secure enough? What about IDS to detect intrusion? Network Administrator Network Administrator 9 10 State of the practices Outline 4) IDS (Intrusion Detection System) Encryption I will outsmart IDS with new tricks State of the practices Drawbacks and Issues A proposed alternative Attacker IDS monitors network activities and alerts when attack patterns are detected 11 12 3

Recaps current practices & drawbacks Other Issues.. Admission control, e.g., authentication Data control, e.g., encryption Infection control, e.g., anti-virus, virus removal/containment Security policy, e.g., firewalls, RBAC(role-based access control) à Most defend attack at entering points or prevent non-targeted spreading à What about targeted attacks in the network? Intrusion detection system (IDS) à Can t prevent attacks à Can t detect unfamiliar attacks à Requires resource for continuous monitoring Computer networks are unavoidably vulnerable as long as they have to provide services Network Vulnerabilities Network Configurations Ports & services enabled Exploitable errors in Implementation of Software Services Apache Chunked-Code on Apache web servers Buffer overflow on Windows XP SP2 operating environments TNS- Listener on Oracle software for database servers 13 14 Network Security Issues Network Security Issues Computer networks are vulnerable Apache Chunked-Code Buffer-Over flow Apache httpd version 1.3 through 1.3.24 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunkencoded HTTP request that causes Apache to use an incorrect size. Oracle TNS Listener Wu-ftpd SockPrintf Wu-ftpd restricted-gid CVE 2002-0392 Common Vulnerability & Exposure Computer networks are vulnerable Commercial scanners can only detect network vulnerabilities at individual points 15 16 4

Network Security: Issues Outline Computer networks are vulnerable Commercial scanners can only detect network vulnerabilities at individual points Current state of the practices Issues and drawbacks A proposed alternative Perfectly secure isolated services do not guarantee secure network of combined services 17 18 A preventative approach Security Model Generation Idea: Pre-determine all possible attacks from network vulnerabilities Use results to determine appropriate actions Network Vulnerabilities Security Model Configurations Generation Security Policy Prioritize critical path Model Select appropriate Analysis counter measures Attack Model: all possible chains of exploits (or exploitable vulnerabilities) Goal: To generate all possible attacks from network vulnerabilities CVE-1 CVE-3 Scanner CVE-1 CVE-2 CVE-4 Exploit CVE-1. Exploit CVE-3 Exploit CVE-4 Exploit CVE-2 Exploit CVE-1. All possible attacks Identify vulnerabilities of each computer in the network using a vulnerability scanner (e.g., Nessus, SAINT, OpenVAS) Apply all exploitable vulnerabilities for each attack state 19 20 5

Example of Simple Network Example of Simple Network Host A, access = 2 ap tns t 1 t 2 Scan the vulnerabilities ap t 1 Goal: root access tns t2 Exploit ap? Preconditions: Access on A 1 A & W are connected 21 22 Example of Simple Network Example of Simple Network Host A, access = 2 Host A, access = 2 ap t 1 tns t 2 exploit ap Host W access = 2 ap tns t 1 t 2 Exploit tns? Preconditions: Access on A 1 A & D are connected 23 24 6

Example of a simple network Complete Attack Model Can you finish the rest? Host A, access = 2 ap tns t 1 t 2 Exploit tns? t 1 Not exploitable Host W, access = 1 Goal: root access of a database server Attack Model shows all possible attack paths 25 26 A preventative approach Why model analysis? - Example Idea: Pre-determine all possible attacks from network vulnerabilities Use results to determine appropriate actions Network Vulnerabilities Security Model Configurations Generation Security Policy Prioritize critical path Model Select appropriate Analysis counter measures Attack Model: all possible chains of exploits (or exploitable vulnerabilities) How can we prevent attack to gain root access at IP2? v 3 = CVE-2004-0148 wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. Counter-measure 1. Upgrade wu-ftpd to version > 2.6.2, OR 2. Replace wu-ftpd with other ftpd-service, OR 3. Stop providing ftpd-service at IP2 Root access to IP2 27 28 7

Why model analysis? - Example Issues How can we prevent attack to gain root access at IP2? Block v 3 into IP2 More. Block v 1 into IP2 The resulting attack models are huge even for a small network Root access at the attacker s machine How do we identify these blocks? How do we pick an appropriate block/counter measure? Which state to focus first, e.g., (IP1, 2) vs. (IP2, 1) Which is more likely to be attacked? Root access to IP2 Goal: Root access to IP2 How do we effectively analyze the huge attack model? 29 30 Attack Model Analysis Exploit-based Analysis To extract useful information from security model to protect the network Visualization Group similar nodes for display [Noel & Jajodia, 05] Manual, time-consuming Non-systematic Markov model-based Estimate likelihood of attack [Sheyner et al., 02; Mehta et al.,06; PageRank] None uses knowledge about networks Handle cyclic models Graph-based Minimisation analysis to block attack paths [Jha et al, 02] Automatic Limited to specific models Our approach Exploit-based analysis Use knowledge about exploitability Prioritizes attack points in an attack model based on the ease in exploiting their vulnerabilities Easy to exploit à High exploitability à High priority (for fixing) Approach Estimate a probability distribution of intrusion for each attack state To obtain its relative chance of being attacked using the knowledge about exploitability 31 32 8

Exploitability Exploitability Atomic level Exploitability of each vulnerability Access Vector Access Complexity E.g., remote, local E.g., low efforts to exploit E.g., no or single authentication Atomic level Exploitability of each vulnerability (degrees 1à 10) High exploitability à High vulnerability à Easy to exploit 33 34 Exploitability Markov Model Atomic level Exploitability of each vulnerability (degrees 1à 10) Global level Exploitability of attack states in the network topology à Based on Markov Model (Applied to PageRank) Approximates a probability distribution of dynamic behaviors randomly evolving to a stationary state à Define the probability of intrusion of each attack point recursively Markov Property: The probability distribution for the future network intrusion only depends on the current states à Repeat the computation until no change in the probability distribution approximation 35 36 9

Recurrence Equation Recurrence Equation h(u, v) = exploitability of exploits from state u to v r t (u) = probability of state u being attacked at time t d = probability that attackers continue attacking on a current path h(u, v) = exploitability of exploits from state u to v r t (u) = probability of state u being attacked at time t d = probability that attackers continue attacking on a current path If v is not an initial state Chance of continuing attack Chances of entering v Chances of exploitability of u to v v h(u,v) u If v is an initial state + Chance of entering v from all other states ExploitRank Algorithm 37 39 Center for (thus, Science & maintain Engineering of Cyber a user Security access level in a Whitacre victim College host), of Engineering and to 38 obtain a denial of service (thus, gain a root access level in the victim host), respectively. Local users can exploit the last vulnerability to bypass access restrictions by changing their access permissions of a home directory via the ftp, which causes its service program, wu-ftpd to, instead, allow access of the root directory. We annotate each configuration of the network in Figure 4 with its corresponding vulnerabilities and their associated A simple labels. Illustration For example, IP2 has two vulnerabilities, namely CVE-2006-5794 (or v 1) and CVE-2004-0148 (or v 3). More details of these common standard vulnerabilities are described in [14, 17]. Although our approach can be applied to any form of a security model, in this study we use a host-centric attack graph model [5]. Suppose the goal of an attacker is to violate a security requirement. Based on the network configurations and the vulnerabilities shown in Figure 4, we can automatically generate a host-centric attack model as shown in Figure 5 a) by employing a model-checking tool such as NuSMV [4] as illustrated in [5]. Rank 5 Node Intrusion Likelihood S 0 0.1500 S 1 0.1287 S 2 0.1658 S 3 0.2548 S 4 0.3007 Rank 4 Center for Science & a) Engineering host-centric of Cyber attack Security graph b) exploit-based Whitacre College analysis of Engineering graph Fig. 5. Attack model analysis of the network in Figure 4. Each state is labeled by a tuple representing a host name and its access level obtained by an attacker. Thus, (Attacker, root) is an initial state since an attacker has a root access privilege on his own machine. The attacker s goal is to obtain a root access to IP2 and thus, (IP2, root) represents a goal state. As shown in Figure 5 b), we rename the states (Attacker, root), (IP1, root), (IP1, user), (IP2, user) and (IP2, root) as s 0, s 1, s 2, s 3, and s 4, respectively. Table 2. Vulnerability and exploitability. Rank 3 Rank 1 3.9 Rank 2 40 Fig. 6. Normalized exploitab The model obtained in F normalized exploitability w rithm to estimate a probab state i to state j. The norma of the probabilities of all p one. For example, there ar to advance from state s 0, to ity values,, and, ristic value for exploiting v /( + + ) = 0.2. entry w ij = w(i, j) is shown in the algorithm is the seco fined in Equation (3). Table 3. Ranking r Applying the heuristics trank algorithm, the resu host-centric attack model a ble 3. We then apply Mehta not employ the exploitabilit shown in the second colum As shown in Table 3, th apply the heuristics is < s 4 and otherwise, 10 < s 4, s 3, s 0, s is applied (i.e., Mehta et al order of likelihood of intru ability. Both results sugge likelihood of being attack most vulnerable).

5 5 (thus, maintain a user access level in a victim host), and to (thus, maintain a user access level in a victim host), and to obtain a denial of service (thus, gain a root access level in the obtain a denial of service (thus, gain a root access level in the victim host), respectively. Local users can exploit the last vulnerability to bypass access restrictions by changing their ac- victim host), respectively. Local users can exploit the last vulnerability to bypass access restrictions by changing their access permissions of a home directory via the ftp, which causes cess permissions of a home directory via the ftp, which causes its service program, wu-ftpd to, instead, allow access of the its service program, wu-ftpd to, instead, allow access of the root directory. We annotate each configuration of the network Fig. 6. Normalized exploitability of the analysis graph in Figure 5 b) root directory. We annotate each configuration of the network Fig. 6. Normalized exploitability of the analysis graph in Figure 5 b) in Figure 4 with its corresponding vulnerabilities and their in Figure 4 with its corresponding vulnerabilities and their associated labels. For example, IP2 has two vulnerabilities, The model obtained in Figure 5 b) is useful in computing a associated labels. For example, IP2 has two vulnerabilities, The model obtained in Figure 5 b) is useful in computing a namely CVE-2006-5794 (or v namely CVE-2006-5794 (or v 1) and CVE-2004-0148 (or v 1) 3). normalized and CVE-2004-0148 exploitability (or w(i, v 3). normalized exploitability w(i, j) used in the ExploitRank algorithm to estimate a probability of advancing from attack in j) used in the ExploitRank algorithm More details of these common More details of these common standard vulnerabilities are standard to estimate vulnerabilities a probability are of advancing from attack in described in [14, 17]. state i to state j. The normalization is required so that the sum described in [14, 17]. Some Comparisons state i to state j. The normalization is required so that the sum Although our approach can be Although our approach can be applied to any form of a security model, in this study we use a host-centric attack graph one. use a For host-centric example, attack there are graph one. For example, there are three possible exploits applicable of applied the probabilities to any form of all of possible a security model, in this study we of the probabilities of all More possible complex attack transitions attack would model be attack transitions would be three possible exploits applicable model [5]. Suppose the goal of model [5]. Suppose the goal of In an Mehta attacker et is al.ʼs to violate approach a security requirement. Based on the network configurations and the ristic value for exploiting v to an advance attacker from is to violate state s 0, a to security requirement. Based on the ity network values configurations,, and, and respectively. the The normalized heu- to advance from state s states s 1, s 2 and s 3 with exploitabil- 0, to states s 1, s 2 and s 3 with exploitability values,, and, respectively. The normalized heu- vulnerabilities Each node has shown equal in chance Figure ristic 4, to we be value can attacked automatically for exploiting no use generate a host-centric attack model /( as shown + in Figure + ) 5 = a) 0.2. by em- A complete weight matrix, whose vof vulnerabilities shown in Figure 4, we can automatically generate a host-centric attack model as shown the degree in Figure of vulnerability 5 a) by em- exploitability entry w 2 from s 0 to s 1 can be computed as 2 from s 0 to s 1 can be computed as /( + + ) = 0.2. A complete weight matrix, whose entry w ij = w(i, j) is shown in Figure 6. Note ij = w(i, j) is shown in Figure 6. Note that in fact w(i, j) ploying a model-checking tool such as NuSMV [4] as illustrated in [5]. that in fact w(i, j) ploying a model-checking tool such as NuSMV [4] as illustrated in [5]. fined in Equation (3). in the algorithm is the second factor of the function g in the algorithm is the second factor of the function g t(v) defined in Equation Our Approach (3). t(v) de- Mehta et al.ʼs Approach Table 3. Ranking results on the attack model. From s0 () Table 3. Rank Ranking 5 results on the attack model. Rank 5 From s0-s3 (, ) Rank 3 Rank 4 From s0 From s0-s3 Rank 2 Rank 3 Rank 2 Rank 4 Rank 3 From s0 () Rank 2 Rank 1 From s0 3.9 3.9 From s0-s2 (, ) From s0-s2 From s0-s3 (, ) Rank 1 From s0-s3 Rank 1 Applying the heuristics obtained in Figure 6 to the ExploitRank algorithm, the results of ranking attack states in the Applying the heuristics obtained in Figure 6 to the ExploitRank More algorithm, exposures the + results of ranking attack states in the a) host-centric attack graph b) exploit-based analysis graph a) host-centric attack graph b) exploit-based analysis graph host-centric attack model are shown in the first column of Table 3. We then apply Mehta et al. s ranking approach that does host-centric attack model are shown in the first column of Table 3. We then apply Mehta et al. s ranking approach that does Fig. 5. Attack model analysis of the network More Fig. exposures 5. Attack model analysis of the network in Figure 4. in Figure 4. Easier exploit vulnerability Each state is labeled by a tuple Each state is labeled by a Center tuple for representing Science & Engineering a host of Cyber name Security and not representing employ the a exploitability host name and not employ the exploitability heuristic and obtain the results as heuristic and obtain the results as 41 its access level obtained by an its access level obtained by an attacker. Thus, (Attacker, root) shown attacker. in Thus, the second (Attacker, column root) shown in the second Center column for Science & of Engineering Table of 3. Cyber Security of Table 3. is an initial state since an attacker is an initial state since an attacker has a root access privilege As has shown a root in access Table privilege As shown in Table 3, the ranking result obtained when we 3, the ranking result obtained when we on his own machine. The attacker s goal is to obtain a root apply the heuristics is < s on his own machine. The attacker s goal is to obtain a root apply the heuristics is < s 4, s 3, s 2, s 0, s 1 > (i.e., our approach) 4, s 3, s 2, s 0, s 1 > (i.e., our approach) access to IP2 and thus, (IP2, root) represents a goal state. As and otherwise, < s access to IP2 and thus, (IP2, root) represents a goal state. As and otherwise, < s 4, s 3, s 0, s 1, s 2 > is obtained when no 4, s heuristic 3, s 0, s 1, s 2 > is obtained when no heuristic shown in Figure 5 b), we rename the states (Attacker, root), is applied (i.e., Mehta et al. s approach). The ranking is in the shown in Figure 5 b), we rename the states (Attacker, root), is applied (i.e., Mehta et al. s approach). The ranking is in the (IP1, root), (IP1, user), (IP2, user) and (IP2, root) as s (IP1, root), (IP1, user), (IP2, user) and (IP2, root) as s 0, s 1, s 0, s 1, s 2, order of likelihood of intrusion based on vulnerability exploitability. Both results suggest that s s 2, order of likelihood of intrusion based on vulnerability exploitability. Both results suggest that s 4 has the highest (relative) 4 has the highest (relative) s 3, and s 4, respectively. 3, and s 4, respectively. likelihood of being attacked (i.e., highest exploitability and Conclusions Table 2. Vulnerability likelihood and exploitability. of being attacked (i.e., highest exploitability and References Table 2. Vulnerability and exploitability. most vulnerable). most vulnerable). To further compare the ranking results, if we ignore s To further compare the ranking results, if we ignore s 0 in 0 in both ranking lists, both ranking orders generally agree except both ranking lists, both ranking orders generally agree except a conflicting case of ranking order between s a conflicting case of ranking order between s 1 and s 2. Consider 1 and s 2. Consider Current state of security practices help guard against Hewett, R.; Kijsanayothin, P., Host-Centric Model Checking for Network Vulnerability attackers from the initial attackers from the initial Analysis, state. Computer As Security shown Applications in Figure Conference, 5 b), 2008. to ACSAC 2008. Annual, illegitimate network entry access state. As shown in Figure 5 b), to reach state s reach state s 1 (e.g., from s 0, s 2 or s 3) requires exploiting 1 (e.g., vol., from no., spp.225,234, vulnerability 0, s 2 or s8-12 3) requires Dec, 2008, exploiting doi: 10.1109/ACSAC.2008.15 vulnerability v Table network 2 shows intrusion the and exploitability network Table 2 shows the exploitability computed for each of the infection computed v 2, whereas for each to of reach the state s 2 (e.g., from 2, whereas Kijsanayothin, to reach P.; state Hewett, s s 0 or s 3) requires 2 R., (e.g., Analytical from Approach s 0 or sto 3) Attack requires exploiting vulnerability Graph Analysis for relevant vulnerabilities obtained relevant vulnerabilities obtained from publically known CVSS from exploiting publically known vulnerability CVSS Network Security, v Availability, v 1. However, according to the 1. However, Reliability, according and Security, to the 2010. ARES '10 International BUT attackers can still attack the network by exploiting as described in previous sectionbased as described in previous sectionbased on heuristic values in CVSS standard, on heuristic since values exploitability(v in CVSS standard, since Conference exploitability(v on, vol., no., pp.25,32, 1) = but exploitability(v 2) =, attack v 1 is graph 1) = 15-18 but Feb, exploitability(v 2010, doi: 10.1109/ARES.2010.21 Table network 2, we vulnerabilities obtained the corresponding (due to configuration Table 2, we obtained the corresponding attack graph for analysis as shown in Figure 5 b), where we replace the state transi- be easier we replace to reach the s 2. state For transi- be easier to reach s or software Noel, S.; Jajodia, S., Understanding complex network attack graphs through more for vulnerable analysis errors) as shown in Figure 5 b), where than 2) =, v v 2. Therefore, 1 is more vulnerable than v it should 2. Therefore, it should clustered adjacency matrices, Computer Security Applications Conference, 21st example, from initial state 2. For example, from initial state s 0, Annual reaching sby 2 requires corresponding v 1 exploit exploitaing s, vol., no., pp.10 pp.,169, 5-9 Dec, 2005, 0, doi: reach- 10.1109/CSAC.2005.58 tions of the vulnerability exploits tions of the vulnerability exploits by corresponding exploitability values in Table 2. v 1 and v 1 exploits to reach s 1. Therefore, 1 and v compared to a 2 requires v v 2 exploit or 1 exploit compared to a v a chain of 2 exploit a chain of One remedy is to aim to prevent critical possible attacks Jha, S., O. Sheyner, and J. Wing, Two formal analysis of attack graphs, in CSFW bility values in Table 2. v s 1 exploits to reach s 2 should rank '02: higher Proceedings 1. Therefore, of the 15th IEEE s 2 should workshop rank on Computer higher Security Foundations. from these vulnerabilities (not just entry points) than s than s 1. This intuitive reasoning conforms 1. This intuitive Washington, reasoning DC, conforms USA: IEEE Computer to our Society, ranking p. 49, order 2002. to our ranking order We give an example of how Mehta, V., C. Bartzis, H. Zhu, E. M. Clarke, and J. M. Wing, Ranking attack graphs, in Recent Advances in Intrusion Detection, pp. 127-144, 2006. Attack model can be automatically constructed and Schiffman, Cisco CIAG, A Complete Guide to the Common Vulnerability Scoring used for security management System (CVSS), Forum Incident Response and Security Teams (http://www.first.org/) Sheyner, O., J. Haines, S. Jha, R. Lippmann, and J. Wing, Automated generation This helps address scalability of network protection and analysis of attack graphs, Proc. of the IEEE Symposium on Security and Privacy, pp. 273-284, 2002. 42 43 44 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information