Mission-centric Decision Support in Cybersecurity via Bayesian Privilege Attack Graph

Logo poskytovatele


Rok publikování 2022
Druh Článek v odborném periodiku
Časopis / Zdroj Engineering Reports
Fakulta / Pracoviště MU

Ústav výpočetní techniky

Doi http://dx.doi.org/10.1002/eng2.12538
Klíčová slova attack graph;Bayesian network;cybersecurity;decision support;enterprise mission
Přiložené soubory
Popis We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, i.e., discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, i.e., how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.
Související projekty:

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.

Další info