TY - JOUR
T1 - PP–GSM
T2 - Privacy-preserving graphical security model for security assessment as a service
AU - Lee, Dongwon
AU - Oh, Yongwoo
AU - Hong, Jin B.
AU - Kim, Hyoungshick
AU - Kim, Dan Dongseong
PY - 2023/5
Y1 - 2023/5
N2 - Security Assessment-as-a-Service (SAaaS) allows users to outsource security assessments of their systems and networks from the cloud, reducing the burden on users who do not have sufficient resources to carry out security assessments. SAaaS can be implemented using Graphical Security Models (GSMs), such as Attack Graphs and Attack Trees, that are widely used for security assessments. However, this approach exposes users’ sensitive data (e.g., network topology, host vulnerabilities) in the cloud, which would not be acceptable in private systems such as government and/or corporation networks. This paper proposes a framework named privacy-preserving GSM (PP–GSM) for SAaaS. PP–GSM is built with (1) homomorphic encryption (HE) for protecting users’ sensitive data by performing security assessment computations on the encrypted network models, and (2) graph obfuscation techniques to confuse attackers trying to reveal users’ sensitive data. Moreover, we develop new algorithms to speed up HE by reducing the number of multiplications, which are computationally expensive arithmetic operations in HE schemes. Our experimental results using various realistic scenarios show that PP–GSM can be generated on average in 1,078 s for networks with 60 nodes (and the time taken is linearly proportional to the number of nodes). For evaluations, the time taken can be as short as on average 30 s for computing the cumulative attack success probability. Therefore, PP–GSM is a promising solution for the SAaaS to be used in practice.
KW - Graph obfuscation
KW - Graphical security models
KW - Homomorphic encryption
KW - Privacy-preserving computing
KW - Security assessment
UR - http://www.scopus.com/inward/record.url?scp=85146626618&partnerID=8YFLogxK
U2 - 10.1016/j.future.2022.12.041
DO - 10.1016/j.future.2022.12.041
M3 - Article
AN - SCOPUS:85146626618
VL - 142
SP - 351
EP - 363
JO - Future Generation Computer Systems: the international journal of grid computing: theory, methods and applications
JF - Future Generation Computer Systems: the international journal of grid computing: theory, methods and applications
SN - 0167-739X
ER -