Visible to the public Discovering and Mitigating New Attack Paths Using Graphical Security Models

TitleDiscovering and Mitigating New Attack Paths Using Graphical Security Models
Publication TypeConference Paper
Year of Publication2017
AuthorsHong, J. B., Kim, D. S.
Conference Name2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)
KeywordsAnalytical models, Attack Graphs, composability, Databases, graphical security models, Metrics, mitigation strategies, modern networked systems, network hardening, new attack path discovery, new attack path mitigation, pubcrawl, resilience, Resiliency, risk analysis, security, security analysis, security of data, Servers, system components, unified vulnerability risk analysis module, Universal Serial Bus, UV-RAM, Virtual private networks, zero-day vulnerabilities

To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.

Citation Keyhong_discovering_2017