CSDL Home IEEE Transactions on Dependable and Secure Computing 2011 vol.8 Issue No.01 - January-February

Subscribe

Issue No.01 - January-February (2011 vol.8)

pp: 28-43

Xiaohu Li , University of Texas at San Antonio, San Antonio

Timothy Paul Parker , University of Texas at San Antonio, San Antonio

Shouhuai Xu , University of Texas at San Antonio, San Antonio

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.75

ABSTRACT

Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system: 1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

INDEX TERMS

Security modeling, quantitative security analysis, vulnerability graph, networked systems, security metric.

CITATION

Xiaohu Li, Timothy Paul Parker, Shouhuai Xu, "A Stochastic Model for Quantitative Security Analyses of Networked Systems",

*IEEE Transactions on Dependable and Secure Computing*, vol.8, no. 1, pp. 28-43, January-February 2011, doi:10.1109/TDSC.2008.75REFERENCES

- [1] R. Albert and A. Barabasi, "Statistical Mechanics of Complex Networks,"
Rev. of Modern Physics, vol. 74, pp. 47-97, 2002.- [2] R. Albert, H. Jeong, and A. Barabasi, "Error and Attack Tolerance of Complex Networks,"
Nature, vol. 406, pp. 378-482, 2000.- [3] P. Ammann, D. Wijesekera, and S. Kaushik, "Scalable, Graph-Based Network Vulnerability Analysis,"
Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 217-224, 2002.- [4] R. Anderson and R. May,
Infectious Diseases of Humans. Oxford Univ. Press, 1991.- [5]
Four Grand Challenges in Trustworthy Computing. The Computing Research Assoc., http://www.cra.org/Activitiesgrand. challenges /, 2003.- [6] N. Bailey,
The Mathematical Theory of Infectious Diseases and Its Applications, second ed., 1975.- [7] A. Barabasi and R. Albert, "Emergence of Scaling in Random Networks,"
Science, vol. 286, pp. 509-512, 1999.- [8] R. Chinchani, A. Iyer, H. Ngo, and S. Upadhyaya, "Towards a Theory of Insider Threat Assessment,"
Proc. Int'l Conf. Dependable Systems and Networks (DSN '05), pp. 108-117, 2005.- [9] M. Dacier and Y. Deswarte, "Privilege Graph: An Extension to the Typed Access Matrix Model,"
Proc. Third European Symp. Research in Computer Security (ESORICS '94), vol. 875, pp. 319-334, 1994.- [10] P. Erdos and A. Renyi, "On the Evolution of Random Graphs,"
Publications of the Math. Inst. Hungarian Academy of Sciences, vol. 5, pp. 17-61, 1960.- [11] A. Ganesh, L. Massoulie, and D. Towsley, "The Effect of Network Topology on the Spread of Epidemics,"
Proc. IEEE INFOCOM, 2005.- [12] S. Jha and J. Wing, "Survivability Analysis of Networked Systems,"
Proc. 23rd Int'l Conf. Software Eng. (ICSE '01), pp. 307-317, 2001.- [13] J. Kephart and S. White, "Directed-Graph Epidemiological Models of Computer Viruses,"
Proc. IEEE Symp. Security and Privacy (S&P '91), pp. 343-361, 1991.- [14] W. Kermack and A. McKendrick, "A Contribution to the Mathematical Theory of Epidemics,"
Proc. Royal Soc. London A, vol. 115, pp. 700-721, 1927.- [15] B. Madan, K. Goševa-Popstojanova, K. Vaidyanathan, and K. Trivedi, "A Method for Modeling and Quantifying the Security Attributes of Intrusion Tolerant Systems,"
Performance Evaluation, vol. 56, nos. 1-4, pp. 167-186, 2004.- [16] M. Matsumoto and T. Nishimura, "Mersenne Twister: A 623-Dimensionally Equidistributed Uniform Pseudo-Random Number Generator,"
ACM Trans. Modeling and Computer Simulation, vol. 8, no. 1, pp. 3-30, 1998.- [17] A. McKendrick, "Applications of Mathematics to Medical Problems,"
Proc. Edinburgh Math. Soc., vol. 14, pp. 98-130, 1926.- [18] A. Medina, A. Lakhina, I. Matta, and J. Byers, "Brite: An Approach to Universal Topology Generation,"
Proc. Int'l Symp. Modeling, Analysis and Simulation of Computer and Telecomm. Systems (MASCOTS '01), pp. 346-356, 2001.- [19] Y. Moreno, R. Pastor-Satorras, and A. Vespignani, "Epidemic Outbreaks in Complex Heterogeneous Networks,"
European Physical J. B, vol. 26, pp. 521-529, 2002.- [20] D. Nicol, W. Sanders, and K. Trivedi, "Model-Based Evaluation: From Dependability to Security,"
IEEE Trans. Dependable and Secure Computing, vol. 1, no. 1, pp. 48-65, 2004.- [21] R. Ortalo, Y. Deswarte, and M. Kaaniche, "Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security,"
IEEE Trans. Software Eng., vol. 25, no. 5, pp. 633-650, 1999.- [22] C. Palmer and J. Steffan, "Generating Network Topologies That Obey Power Laws,"
Proc. IEEE Global Telecomm. Conf. (GLOBECOM), 2000.- [23] R. Pastor-Satorras and A. Vespignani, "Epidemics and Immunization in Scale-Free Networks,"
Handbook of Graphs and Networks: From the Genome to the Internet, 2008.- [24] R. Pastor-Satorras and A. Vespignani, "Epidemic Dynamics and Endemic States in Complex Networks,"
Physical Rev. E, vol. 63, p. 066117, 2001.- [25] R. Pastor-Satorras and A. Vespignani, "Epidemic Dynamics in Finite Size Scale-Free Networks,"
Physical Rev. E, vol. 65, p. 035108, 2002.- [26] M. Pease, R. Shostak, and L. Lamport, "Reaching Agreement in the Presence of Faults,"
J. ACM, vol. 27, no. 2, pp. 228-234, 1980.- [27] C. Phillips and L. Swiler, "A Graph-Based System for Network-Vulnerability Analysis,"
Proc. Workshop New Security Paradigms (NSPW '98), pp. 71-79, 1998.- [28] S. Ratnasamy, P. Francis, M. Handley, R. Karp, and S. Schenker, "A Scalable Content-Addressable Network,"
Proc. ACM SIGCOMM '01, pp. 161-172, 2001.- [29] S. Ross,
Stochastic Processes, Wiley Series in Probability and Math. Statistics. John Wiley & Sons, 1996.- [30] M. Shaked and J. Shanthikumar,
Stochastic Orders and Their Applications. Academic Press, 1994.- [31] I. Stoica, R. Morris, D. Karger, M. Kaashoek, and H. Balakrishnan, "Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications,"
Proc. ACM SIGCOMM '01, pp. 149-160, 2001.- [32] K. Trivedi,
Probability and Statistics with Reliability, Queuing and Computer Science Applications. John Wiley & Sons, 2001.- [33] J. Wang, L. Lu, and A. Chien, "Tolerating Denial-of-Service Attacks Using Overlay Networks—Impact of Topology,"
Proc. First ACM Workshop Survivable and Self-Regenerative Systems (SSRS), 2003.- [34] Y. Wang, D. Chakrabarti, C. Wang, and C. Faloutsos, "Epidemic Spreading in Real Networks: An Eigenvalue Viewpoint,"
Proc. 22nd IEEE Symp. Reliable Distributed Systems (SRDS '03), pp. 25-34, 2003. |