TY - GEN
T1 - Cost evaluation for intrusion response using dependency graphs
AU - Kheir, Nizar
AU - Debar, Hervé
AU - Cuppens-Boulahia, Nora
AU - Cuppens, Frédéric
AU - Viinikka, Jouni
PY - 2009/11/23
Y1 - 2009/11/23
N2 - The cost evaluation for attacks and/or responses (further called security incidents) in an IT system is a challenging issue. The high rate of service dependencies increases this challenge as the impact on a target service often spreads to its dependent services. This paper evaluates the effect of security incidents using service dependency graphs. It defines security-related properties which are used to propagate impacts in a dependency graph and thus to quantify the real cost of a security incident. The graph-based model described in this paper manages Confidentiality (C), Integrity (I) and Availability (A) propagations. It introduces matrix dependency weights in order to correlate these propagations. It also examines the effect of availability on both C and I propagations as these may exist only when the underlying components are available. This model provides common metrics for both attack and response costs evaluation. It thus enables balancing attack and response costs. An implementation of this model is proposed using CVSS base vectors. The performance of the model is measured according to the graph size and the rate of dependencies in this graph.
AB - The cost evaluation for attacks and/or responses (further called security incidents) in an IT system is a challenging issue. The high rate of service dependencies increases this challenge as the impact on a target service often spreads to its dependent services. This paper evaluates the effect of security incidents using service dependency graphs. It defines security-related properties which are used to propagate impacts in a dependency graph and thus to quantify the real cost of a security incident. The graph-based model described in this paper manages Confidentiality (C), Integrity (I) and Availability (A) propagations. It introduces matrix dependency weights in order to correlate these propagations. It also examines the effect of availability on both C and I propagations as these may exist only when the underlying components are available. This model provides common metrics for both attack and response costs evaluation. It thus enables balancing attack and response costs. An implementation of this model is proposed using CVSS base vectors. The performance of the model is measured according to the graph size and the rate of dependencies in this graph.
UR - https://www.scopus.com/pages/publications/70449629563
M3 - Conference contribution
AN - SCOPUS:70449629563
SN - 9782953244311
T3 - 2009 International Conference on Network and Service Security, N2S 2009
BT - 2009 International Conference on Network and Service Security, N2S 2009
T2 - 2009 International Conference on Network and Service Security, N2S 2009
Y2 - 24 June 2009 through 26 June 2009
ER -