Survivability Analysis of a Computer System Under an Advanced Persistent Threat Attack
  • Keywords: APT; Cyberattacks; Markov chains; Stochastic reward nets; Security metrics; Survivability; Transient analysis
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2016
  • Publication date: 2016
  • Year: 2016
  • Volume: 9987
  • Issue: 1
  • Pages: 134-149
  • Full-text size: 534 KB
  • Author affiliations: Ricardo J. Rodríguez (16)
    Xiaolin Chang (17)
    Xiaodan Li (18)
    Kishor S. Trivedi (18)

    16. Department of Computer Science and Systems Engineering, University of Zaragoza, Zaragoza, Spain
    17. Department of Information Security, Beijing Jiaotong University, Beijing, People’s Republic of China
    18. Department of Electrical and Computer Engineering, Duke University, Durham, USA
  • Series title: Graphical Models for Security
  • ISBN: 978-3-319-46263-9
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
  • Volume order: 9987
Abstract
Computer systems are potentially targeted by cybercriminals by means of specially crafted malicious software called Advanced Persistent Threats (APTs). As a consequence, any security attribute of the computer system may be compromised: disruption of service (availability), unauthorized data modification (integrity), or exfiltration of sensitive data (confidentiality). An APT starts with the exploitation of a software vulnerability within the system. Thus, vulnerability mitigation strategies must be designed and deployed in a timely manner to reduce the window of exposure of vulnerable systems. In this paper, we evaluate the survivability of a computer system under an APT attack using a Markov model. Generation and solution of the Markov model are facilitated by means of a high-level formalism based on stochastic Petri nets. Survivability metrics are defined to quantify security attributes of the system from the public announcement of a software vulnerability and during the system recovery. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security attributes but also provide insights on the cost/revenue trade-offs of investment efforts in system recovery such as vulnerability mitigation strategies. Sensitivity analysis through numerical experiments is carried out to study the impact of key parameters on system secure survivability.