Discovering and Mitigating New Attack Paths Using Graphical Security Models

Jin Bum Hong; Dong Seong Kim

doi:10.1109/DSN-W.2017.18

Discovering and Mitigating New Attack Paths Using Graphical Security Models

Jin Bum Hong, Dong Seong Kim

Research output: Chapter in Book/Conference paper › Conference paper › peer-review

3 Citations (Scopus)

Abstract

To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.

Original language	English
Title of host publication	Proceedings: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017
Place of Publication	USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	45-52
Number of pages	8
ISBN (Electronic)	9781538622728
DOIs	https://doi.org/10.1109/DSN-W.2017.18
Publication status	Published - 30 Aug 2017
Externally published	Yes
Event	47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017 - Denver, United States Duration: 26 Jun 2017 → 29 Jun 2017

Conference

Conference	47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017
Country/Territory	United States
City	Denver
Period	26/06/17 → 29/06/17

Access to Document

10.1109/DSN-W.2017.18

Cite this

@inproceedings{38f3547fe7cd4d11b85b352d5bc5300a,

title = "Discovering and Mitigating New Attack Paths Using Graphical Security Models",

abstract = "To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.",

keywords = "Attack Graphs, Mitigation Strategies, Network Hardening, Security Analysis, Zero-day Vulnerabilities",

author = "Hong, {Jin Bum} and Kim, {Dong Seong}",

year = "2017",

month = aug,

day = "30",

doi = "10.1109/DSN-W.2017.18",

language = "English",

pages = "45--52",

booktitle = "Proceedings: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States",

note = "47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017 ; Conference date: 26-06-2017 Through 29-06-2017",

}

Hong, JB & Kim, DS 2017, Discovering and Mitigating New Attack Paths Using Graphical Security Models. in Proceedings: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017., 8023697, IEEE, Institute of Electrical and Electronics Engineers, USA, pp. 45-52, 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017, Denver, United States, 26/06/17. https://doi.org/10.1109/DSN-W.2017.18

Discovering and Mitigating New Attack Paths Using Graphical Security Models. / Hong, Jin Bum; Kim, Dong Seong.
Proceedings: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017. USA: IEEE, Institute of Electrical and Electronics Engineers, 2017. p. 45-52 8023697.

Research output: Chapter in Book/Conference paper › Conference paper › peer-review

TY - GEN

T1 - Discovering and Mitigating New Attack Paths Using Graphical Security Models

AU - Hong, Jin Bum

AU - Kim, Dong Seong

PY - 2017/8/30

Y1 - 2017/8/30

N2 - To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.

AB - To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.

KW - Attack Graphs

KW - Mitigation Strategies

KW - Network Hardening

KW - Security Analysis

KW - Zero-day Vulnerabilities

UR - http://www.scopus.com/inward/record.url?scp=85031760923&partnerID=8YFLogxK

U2 - 10.1109/DSN-W.2017.18

DO - 10.1109/DSN-W.2017.18

M3 - Conference paper

AN - SCOPUS:85031760923

SP - 45

EP - 52

BT - Proceedings: 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - USA

T2 - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2017

Y2 - 26 June 2017 through 29 June 2017

ER -

Discovering and Mitigating New Attack Paths Using Graphical Security Models

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this