Automated Synthesis of Resiliency Configurations for Cyber Networks

Title: Automated Synthesis of Resiliency Configurations for Cyber Networks
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Mohammad Ashiqur Rahman, Abdullah Al Faroq, Amarjit Datta, Ehab Al-Shaer
Conference Name: IEEE Conference on Communications and Network Security (CNS)
Date Published: 10/2016
Publisher: IEEE
Conference Location: Philadelphia, USA
Abstract

Enterprise networks deploy security devices to control access and limit potential threats. Due to the emergence of zero-day attacks, security-device-based isolation measures like access denial, trusted communication, and payload inspection are often not adequate for the resilient execution of an organization's mission. Diversity between two hosts in terms of operating systems and services running on these hosts is crucial for limiting the attack propagation. Since different software systems have different vulnerabilities, it is important to have the hosts diversified considering the isolation among the hosts as well as the mission requirements. In this paper, we present a formal model for synthesizing network resiliency configurations. The resiliency design integrates isolation and diversity measures. We take the network topology, resiliency requirements, and business constraints as inputs. Then, our proposed model synthesizes cost-effective resiliency configurations satisfying the constraints. The output of the model provides necessary placements of different security devices in the topology and necessary installments of operating systems and services on the hosts. We demonstrate the execution of the proposed model as well as its scalability using simulated experiments.

URL: http://ieeexplore.ieee.org/document/7860491/?reload=true
DOI: 10.1109/CNS.2016.7860491
Citation Key: node-28948