SODA

Impact estimation using data flows over attack graphs

Olsson, Tomas (2009) Impact estimation using data flows over attack graphs. In: The 14th Nordic Conference on Secure IT Systems (NordSec 2009), 14-16 Oct 2009, Oslo, Norway.

This is the latest version of this item.

[img]
Preview
PDF
296Kb

Official URL: http://nordsec2009.unik.no/NordSec-publications.as...

Abstract

We propose a novel approach to estimating the impact of an attack using a data model and an impact model on top of an attack graph. The data model describes how data flows between nodes in the network -- how it is copied and processed by softwares and hosts -- while the impact model models how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, we can estimate the cost of a successful attack. We show that our algorithm not only subsumes the simple impact estimation used in the literature but also improves it by explicitly modeling loss value dependencies between network nodes. With our model, the operator will be able to use less time when comparing different security patches to a network.

Item Type:Conference or Workshop Item (Paper)
Uncontrolled Keywords:Risk analysis, Network security, Attack graphs, Security metrics, Intrusion detection
ID Code:3848
Deposited By:Tomas Olsson
Deposited On:01 Mar 2010 10:15
Last Modified:01 Mar 2010 10:15

Available Versions of this Item

Repository Staff Only: item control page