A Model-Based Time-to-Compromise Estimator to Assess the Security Posture of Vulnerable Networks

Title: A Model-Based Time-to-Compromise Estimator to Assess the Security Posture of Vulnerable Networks
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Alshawish, Ali; Spielvogel, Korbinian; de Meer, Hermann
Conference Name: 2019 International Conference on Networked Systems (NetSys)
ISBN Number: 978-1-7281-0568-0
Keywords: Comparative security metric, Computer science, Estimation, Human Behavior, human factors, Measurement, Metrics, Monte Carlo simulation, NIST, patch management, pubcrawl, resilience, Resiliency, risk assessment, risk management, Scalability, security, security metrics, Security Risk Estimation, security risk management, Uncertainty
Abstract

Several operational and economic factors impact the patching decisions of critical infrastructures. The constraints imposed by such factors could prevent organizations from fully remedying all of the vulnerabilities that expose their (critical) assets to risk. Therefore, an involved decision maker (e.g. security officer) has to strategically decide on the allocation of possible remediation efforts towards minimizing the inherent security risk. This, however, involves the use of comparative judgments to prioritize risks and remediation actions. Throughout this work, the security risk is quantified using the security metric Time-To-Compromise (TTC). Our main contribution is to provide a generic TTC estimator to comparatively assess the security posture of computer networks taking into account interdependencies between the network components, different adversary skill levels, and characteristics of (known and zero-day) vulnerabilities. The presented estimator relies on a stochastic TTC model and Monte Carlo simulation (MCS) techniques to account for the input data variability and inherent prediction uncertainties.

URL: https://ieeexplore.ieee.org/document/8854511
DOI: 10.1109/NetSys.2019.8854511
Citation Key: alshawish_model-based_2019