The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - January/February (2008 vol.6)
pp: 52-60
David John Leversage , British Columbia Institute of Technology
Eric James Byres , BCIT Critical Infrastructure Security Center
ABSTRACT
The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this we propose a framework for estimating the mean time-to-compromise (MTTC) of a target system for use as a comparative security metric. This MTTC is calculated through a three step process. First a topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM). Next we employ a predator SSM, based on models used in the biological sciences to predict predatorial behavior, to build an attack path SSM which identifies the attack strategies with Markov chains. Finally the attack path model and a state time estimation algorithm (STEA) are used to build the MTTC intervals for the system. These intervals can be quickly calculated for a broad range of systems and mitigating actions, allowing security architects and managers to intelligently compare systems and determine where resources should be focused to achieve the most effective cost/MTTC ratio.
INDEX TERMS
Security, Network Security, SCADA, SCADA Security, Computer Security, Critical Infrastructure, Critical Infrastructure Protection, Markov, Compromise, Time-to-Compromise, Mean Time-to-Compromise, MTTC, Process Control, State Space Model, Attack Path, Predator
CITATION
David John Leversage, Eric James Byres, "Estimating a System's Mean Time-to-Compromise", IEEE Security & Privacy, vol.6, no. 1, pp. 52-60, January/February 2008, doi:10.1109/MSP.2008.9
REFERENCES
1. L. Desborough and R. Miller, "Increasing Customer Value of Industrial Control Performance Monitoring—Honeywell's Experience," Proc. 6th Int'l Conf. Chemical Process Control (CPC VI), John Wiley &Sons, 2002, pp. 172–192.
2. Underwriters Laboratories, Standard for Safety Burglary-Resistant Safes, UL 687, UL, 2005.
3. S.P. Gorman et al., "A Predator Prey Approach to the Network Structure of Cyberspace," ACM Int'l Conf. Proc. Series, vol. 58, Trinity College Dublin, 2004, pp. 1–6.
4. E. Jonsson and T. Olovsson, "A Quantitative Model of the Security Intrusion Process Based on Attacker Behaviour," IEEE Trans. Software Eng., vol. 23, no. 4, Apr. 1997, pp. 235–245.
5. M.A. McQueen et al., "Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System," Proc. 39th Ann. Hawaii Int'l Conf. System Sciences (HICSS 06), track 9, 2006, p. 226.
6. D. Leversage and E.J. Byres, "Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric," Comm. Computer and Information Science—Computer Network Security, Proc. 4th Int'l Conf. Mathematical Methods, Models, and Architectures for Computer Network Security, Springer, 2007, pp. 213–227.
7. M.A. McQueen et al., "Time-to-Compromise Model for Cyber Risk Reduction Estimation," First Workshop on Quality of Protection, Quality of Protection: Security Measurements and Metrics, Springer, 2005.
8. E. Rescorla, "Is Finding Security Holes a Good Idea?" IEEE Security &Privacy, vol. 3, no. 1, Jan./Feb. 2005, pp. 14–19.
9. P. Manadhata and J.M. Wing, Measuring a System's Attack Surface, tech. report CMU-CS-04-102, School of Computer Science, Carnegie Mellon Univ., 2004.
35 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool