This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Estimating a System's Mean Time-to-Compromise
January/February 2008 (vol. 6 no. 1)
pp. 52-60
ASCII Text
x 
 
David John Leversage, Eric James Byres, "Estimating a System's Mean Time-to-Compromise," IEEE Security & Privacy, vol. 6, no. 1, pp. 52-60, January/February, 2008.
 
 
BibTex
x
 
@article{ 10.1109/MSP.2008.9,
author = {David John Leversage and Eric James Byres},
title = {Estimating a System's Mean Time-to-Compromise},
journal ={IEEE Security & Privacy},
volume = {6},
number = {1},
issn = {1540-7993},
year = {2008},
pages = {52-60},
doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2008.9},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
 
 
RefWorks Procite/RefMan/Endnote
x 
 
TY - MGZN
JO - IEEE Security & Privacy
TI - Estimating a System's Mean Time-to-Compromise
IS - 1
SN - 1540-7993
SP52
EP60
EPD - 52-60
A1 - David John Leversage,
A1 - Eric James Byres,
PY - 2008
KW - Security
KW - Network Security
KW - SCADA
KW - SCADA Security
KW - Computer Security
KW - Critical Infrastructure
KW - Critical Infrastructure Protection
KW - Markov
KW - Compromise
KW - Time-to-Compromise
KW - Mean Time-to-Compromise
KW - MTTC
KW - Process Control
KW - State Space Model
KW - Attack Path
KW - Predator
VL - 6
JA - IEEE Security & Privacy
ER -
 
David John Leversage, British Columbia Institute of Technology
Eric James Byres, BCIT Critical Infrastructure Security Center
The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this we propose a framework for estimating the mean time-to-compromise (MTTC) of a target system for use as a comparative security metric. This MTTC is calculated through a three step process. First a topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM). Next we employ a predator SSM, based on models used in the biological sciences to predict predatorial behavior, to build an attack path SSM which identifies the attack strategies with Markov chains. Finally the attack path model and a state time estimation algorithm (STEA) are used to build the MTTC intervals for the system. These intervals can be quickly calculated for a broad range of systems and mitigating actions, allowing security architects and managers to intelligently compare systems and determine where resources should be focused to achieve the most effective cost/MTTC ratio.

1. L. Desborough and R. Miller, "Increasing Customer Value of Industrial Control Performance Monitoring—Honeywell's Experience," Proc. 6th Int'l Conf. Chemical Process Control (CPC VI), John Wiley &Sons, 2002, pp. 172–192.
2. Underwriters Laboratories, Standard for Safety Burglary-Resistant Safes, UL 687, UL, 2005.
3. S.P. Gorman et al., "A Predator Prey Approach to the Network Structure of Cyberspace," ACM Int'l Conf. Proc. Series, vol. 58, Trinity College Dublin, 2004, pp. 1–6.
4. E. Jonsson and T. Olovsson, "A Quantitative Model of the Security Intrusion Process Based on Attacker Behaviour," IEEE Trans. Software Eng., vol. 23, no. 4, Apr. 1997, pp. 235–245.
5. M.A. McQueen et al., "Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System," Proc. 39th Ann. Hawaii Int'l Conf. System Sciences (HICSS 06), track 9, 2006, p. 226.
6. D. Leversage and E.J. Byres, "Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric," Comm. Computer and Information Science—Computer Network Security, Proc. 4th Int'l Conf. Mathematical Methods, Models, and Architectures for Computer Network Security, Springer, 2007, pp. 213–227.
7. M.A. McQueen et al., "Time-to-Compromise Model for Cyber Risk Reduction Estimation," First Workshop on Quality of Protection, Quality of Protection: Security Measurements and Metrics, Springer, 2005.
8. E. Rescorla, "Is Finding Security Holes a Good Idea?" IEEE Security &Privacy, vol. 3, no. 1, Jan./Feb. 2005, pp. 14–19.
9. P. Manadhata and J.M. Wing, Measuring a System's Attack Surface, tech. report CMU-CS-04-102, School of Computer Science, Carnegie Mellon Univ., 2004.
1. E. Jonsson and T. Olovsson, "A Quantitative Model of the Security Intrusion Process Based on Attacker Behaviour," IEEE Trans. Software Eng., vol. 23, no. 4, Apr. 1997, pp. 235–245.
2. M.A. McQueen et al., "Time-to-Compromise Model for Cyber Risk Reduction Estimation," Quality of Protection: Security Measurements and Metrics, Springer, 2005.
3. M.A. McQueen et al., "Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System," Proc. 39th Ann. Hawaii Int'l Conf. System Sciences (HICSS 06), track 9, 2006, p. 226.
4. Int'l Electrotechnical Commission, "Power System Control and Associated Communications—Data and Communication Security," IEC TR 62210, May 2003.
5. Int'l Soc. for Measurement and Control, "Security for Industrial Automation and Control Systems Part 1: Concepts, Terminology and Models (Draft)," ISA-99.00.01, ISA, Spring 2006.
6. Int'l Soc. for Measurement and Control, "Security for Industrial Automation and Control Systems Part 2: Establishing an Industrial Automation and Control System Security Program" (draft), ISA-99.00.02, ISA, Spring 2006.
7. Y.Y. Haimes, Risk Modeling, Assessment, and Management, 2nd ed., John Wiley &Sons, 2004.

Index Terms:
Security, Network Security, SCADA, SCADA Security, Computer Security, Critical Infrastructure, Critical Infrastructure Protection, Markov, Compromise, Time-to-Compromise, Mean Time-to-Compromise, MTTC, Process Control, State Space Model, Attack Path, Predator
Citation:
David John Leversage, Eric James Byres, "Estimating a System's Mean Time-to-Compromise," IEEE Security & Privacy, vol. 6, no. 1, pp. 52-60, Jan.-Feb. 2008, doi:10.1109/MSP.2008.9
Usage of this product signifies your acceptance of the Terms of Use.