Enterprise networks deploy security devices to control access and limit potential threats. Because of zero-day attacks, security-device-based isolation measures such as access denial, trusted communication, and payload inspection are often not adequate on their own for the resilient execution of an organization's mission. Diversity between two hosts, in terms of the operating systems and services running on them, is crucial for limiting attack propagation: since different software systems have different vulnerabilities, a host compromise is less likely to carry over to a neighbouring host that runs different software. It is therefore important to diversify the hosts while taking both the isolation among the hosts and the mission requirements into account. In this paper, we present a formal model for synthesizing network resiliency configurations. The resiliency design integrates isolation and diversity measures. We take the network topology, resiliency requirements, and business constraints as inputs. Our proposed model then synthesizes cost-effective resiliency configurations that satisfy these constraints. The output of the model specifies the placement of security devices in the topology and the installation of operating systems and services on the hosts. We demonstrate the execution of the proposed model as well as its scalability using simulated experiments.
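To make the synthesis problem concrete, the following is an added toy illustration, not the paper's model: a constructed four-host topology with per-host OS choices (business constraints), OS install costs, and a fixed cost for isolating a link with a security device. The resiliency requirement assumed here is that every link is either diversified (different OS at both ends) or isolated by a device; the example enumerates all assignments exhaustively, which is only feasible for tiny instances.

```python
import itertools

# Constructed toy instance (assumption, not from the paper): hosts, links,
# candidate OSes with install cost, and the cost of placing an isolation
# device (e.g. a firewall) on a link.
HOSTS = ["web", "app", "db", "admin"]
LINKS = [("web", "app"), ("app", "db"), ("admin", "db"), ("admin", "app")]
OS_COST = {"linux": 1, "bsd": 2, "windows": 3}
DEVICE_COST = 4
# Business constraints: OSes each host may run (db and admin tooling are
# assumed to be Windows-only, so that link can only be protected by isolation).
ALLOWED = {
    "web": {"linux", "bsd"},
    "app": {"linux", "bsd", "windows"},
    "db": {"windows"},
    "admin": {"windows"},
}


def is_resilient(assignment, devices):
    """Resiliency requirement: every link is diversified or isolated."""
    for a, b in LINKS:
        if assignment[a] == assignment[b] and (a, b) not in devices:
            return False
    return True


def plan_cost(assignment, devices):
    """Total cost of OS installations plus isolation devices."""
    return sum(OS_COST[os] for os in assignment.values()) + DEVICE_COST * len(devices)


def synthesize():
    """Brute-force synthesis: try every OS assignment allowed by the business
    constraints, add a device on each link that diversity alone does not
    protect, and keep the cheapest plan. Returns (cost, assignment, devices)
    or None if no assignment satisfies the constraints."""
    best = None
    choices = [sorted(ALLOWED[h]) for h in HOSTS]
    for combo in itertools.product(*choices):
        assignment = dict(zip(HOSTS, combo))
        # Minimal device placement for this assignment: isolate same-OS links.
        devices = frozenset(l for l in LINKS if assignment[l[0]] == assignment[l[1]])
        if not is_resilient(assignment, devices):
            continue
        cost = plan_cost(assignment, devices)
        if best is None or cost < best[0]:
            best = (cost, assignment, devices)
    return best
```

On this instance the cheapest plan diversifies web/app against each other and against the Windows hosts, and places a single device on the admin-db link, which the constraints force to be Windows on both ends.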