Biblio

Traditional risk assessment process based on knowledge of threat occurrence probability against every system’s asset. One should consider asset placement, applied security measures on asset and network levels, adversary capabilities and so on: all of that has significant influence on probability value. We can measure threat probability by modelling complex attack process. Such process requires creating an attack tree, which consist of elementary attacks against different assets and relations between elementary attacks and impact on influenced assets. However, different attack path may lead to targeted impact – so task of finding optimal attack chain on a given system topology emerges. In this paper method for complex attack graph creation presented, allowing automatic building various attack scenarios for a given system. Assuming that exploits of particular vulnerabilities represent by independent events, we can compute the overall success probability of a complex attack as the product of the success probabilities of exploiting individual vulnerabilities. This assumption makes it possible to use algorithms for finding the shortest paths on a directed graph to find the optimal chain of attacks for a given adversary’s target.

Securing the supply chain of information and communications technology (ICT) has recently emerged as a critical concern for national security and integrity. With the proliferation of Internet of Things (IoT) devices and their increasing role in controlling real world infrastructure, there is a need to analyze risks in networked systems beyond established security analyses. Existing methods in literature typically leverage attack and fault trees to analyze malicious activity and its impact. In this paper, we develop RIoTS, a security risk assessment framework borrowing from system reliability theory to incorporate the supply chain. We also analyze the impact of grouping within suppliers that may pose hidden risks to the systems from malicious supply chain actors. The results show that the proposed analysis is able to reveal hidden threats posed to the IoT ecosystem from potential supplier collusion.

With the rapid development of the Industrial Internet, the network security risks faced by industrial control systems (ICSs) are becoming more and more intense. How to do a good job in the security protection of industrial control systems is extremely urgent. For traditional network security, industrial control systems have some unique characteristics, which results in traditional intrusion detection systems that cannot be directly reused on it. Aiming at the industrial control system, this paper constructs all attack paths from the hacker's perspective through the attack tree model, and uses the LSTM algorithm to identify and classify the attack behavior, and then further classify the attack event by extracting atomic actions. Finally, through the constructed attack tree model, the results are reversed and predicted. The results show that the model has a good effect on attack recognition, and can effectively analyze the hacker attack path and predict the next attack target.

Wide integration of information and communication technology (ICT) in modern power grids has brought many benefits as well as the risk of cyber attacks. A critical step towards defending grid cyber security is to understand the cyber-physical causal chain, which describes the progression of intrusion in cyber-space leading to the formation of consequences on the physical power grid. In this paper, we develop an attack vector for a time delay attack at load frequency control in the power grid. Distinct from existing works, which are separately focused on cyber intrusion, grid response, or testbed validation, the proposed attack vector for the first time provides a full cyber-physical causal chain. It targets specific vulnerabilities in the protocols, performs a denial-of-service (DoS) attack, induces the delays in control loop, and destabilizes grid frequency. The proposed attack vector is proved in theory, presented as an attack tree, and validated in an experimental environment. The results will provide valuable insights to develop security measures and robust controls against time delay attacks.

Attacks on cloud-computing services are becoming more prevalent with recent victims including Tesla, Aviva Insurance and SIM-card manufacturer Gemalto[1]. The risk posed to organisations from malicious insiders is becoming more widely known about and consequently many are now investing in hardware, software and new processes to try to detect these attacks. As for all types of attack vector, there will always be those which are not known about and those which are known about but remain exceptionally difficult to detect - particularly in a timely manner. We believe that insider attacks are of particular concern in a cloud-computing environment, and that cloud-service providers should enhance their ability to detect them by means of indirect detection. We propose a combined attack-tree and kill-chain based method for identifying multiple indirect detection measures. Specifically, the use of attack trees enables us to encapsulate all detection opportunities for insider attacks in cloud-service environments. Overlaying the attack tree on top of a kill chain in turn facilitates indirect detection opportunities higher-up the tree as well as allowing the provider to determine how far an attack has progressed once suspicious activity is detected. We demonstrate the method through consideration of a specific type of insider attack - that of attempting to capture virtual machines in transit within a cloud cluster via use of a network tap, however, the process discussed here applies equally to all cloud paradigms.

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.

By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements to the NetSPA attack graph system required to model additional present-day threats (zero-day exploits and client-side attacks) and countermeasures (intrusion prevention systems, proxy firewalls, personal firewalls, and host-based vulnerability scans). Point-to-point reachability algorithms and structures were extensively redesigned to support "reverse" reachability computations and personal firewalls. Host-based vulnerability scans are imported and analyzed. Analysis of an operational network with 84 hosts demonstrates that client-side attacks pose a serious threat. Experiments on larger simulated networks demonstrated that NetSPA's previous excellent scaling is maintained. Less than two minutes are required to completely analyze a four-enclave simulated network with more than 40,000 hosts protected by personal firewalls.

Cloud storage brokerage systems abstract cloud storage complexities by mediating technical and business relationships between cloud stakeholders, while providing value-added services. This however raises security challenges pertaining to the integration of disparate components with sometimes conflicting security policies and architectural complexities. Assessing the security risks of these challenges is therefore important for Cloud Storage Brokers (CSBs). In this paper, we present a threat modeling schema to analyze and identify threats and risks in cloud brokerage brokerage systems. Our threat modeling schema works by generating attack trees, attack graphs, and data flow diagrams that represent the interconnections between identified security risks. Our proof-of-concept implementation employs the Common Configuration Scoring System (CCSS) to support the threat modeling schema, since current schemes lack sufficient security metrics which are imperatives for comprehensive risk assessments. We demonstrate the efficiency of our proposal by devising CCSS base scores for two attacks commonly launched against cloud storage systems: Cloud sStorage Enumeration Attack and Cloud Storage Exploitation Attack. These metrics are then combined with CVSS based metrics to assign probabilities in an Attack Tree. Thus, we show the possibility combining CVSS and CCSS for comprehensive threat modeling, and also show that our schemas can be used to improve cloud security.

SDN with centralized control is more vulnerable to suffer from APT than traditional network. To accurately detect the APT that the SDN may suffer from, this paper proposes the APT detection method based on attack tree for SDN. Firstly, after deeply analyzing the process of APT in SDN, we establish APT attack model based on attack tree. Then, correlation analysis of attack behavior that detected by multiple detection methods to get attack path. Finally, the attack path match the APT attack model to judge whether there is an APT in SDN. Experiment shows that the method is more accurate to detect APT in SDN, and less overhead.

Nowadays, Vehicular ad hoc network confronts many challenges in terms of security and privacy, due to the fact that data transmitted are diffused in an open access environment. However, highest of drivers want to maintain their information discreet and protected, and they do not want to share their confidential information. So, the private information of drivers who are distributed in this network must be protected against various threats that may damage their privacy. That is why, confidentiality, integrity and availability are the important security requirements in VANET. This paper focus on security threat in vehicle network especially on the availability of this network. Then we regard the rational attacker who decides to lead an attack based on its adversary's strategy to maximize its own attack interests. Our aim is to provide reliability and privacy of VANET system, by preventing attackers from violating and endangering the network. to ensure this objective, we adopt a tree structure called attack tree to model the attacker's potential attack strategies. Also, we join the countermeasures to the attack tree in order to build attack-defense tree for defending these attacks.

Wide Area Monitoring Systems (WAMSs) provide an essential building block for Smart Grid supervision and control. Distributed Phasor Measurement Units (PMUs) allow accurate clock-synchronized measurements of voltage and current phasors (amplitudes, phase angles) and frequencies. The sensor data from PMUs provide situational awareness in the grid, and are used as input for control decisions. A modification of sensor data can severely impact grid stability, overall power supply, and physical devices. Since power grids are critical infrastructures, WAMSs are tempting targets for all kinds of attackers, including well-organized and motivated adversaries such as terrorist groups or adversarial nation states. Such groups possess sufficient resources to launch sophisticated attacks. In this paper, we provide an in-depth analysis of attack possibilities on WAMSs. We model the dependencies and building blocks of Advanced Persistent Threats (APTs) on WAMSs using attack trees. We consider the whole WAMS infrastructure, including aggregation and data collection points, such as Phasor Data Concentrators (PDCs), classical IT components, and clock synchronization. Since Smart Grids are cyber-physical systems, we consider physical perturbations, in addition to cyber attacks in our models. The models provide valuable information about the chain of cyber or physical attack steps that can be combined to build a sophisticated attack for reaching a higher goal. They assist in the assessment of physical and cyber vulnerabilities, and provide strategic guidance for the deployment of suitable countermeasures.

Used by both information systems designers and security personnel, the Attack Tree method provides a graphical analysis of the ways in which an entity (a computer system or network, an entire organization, etc.) can be attacked and indicates the countermeasures that can be taken to prevent the attackers to reach their objective. In this paper, we built an Attack Tree focused on the goal “compromising the security of a Web platform”, considering the most common vulnerabilities of the WordPress platform identified by CVE (Common Vulnerabilities and Exposures), a global reference system for recording information regarding computer security threats. Finally, based on the likelihood of the attacks, we made a quantitative analysis of the probability that the security of the Web platform can be compromised.

In this paper, we focus on the security issues and challenges in smart grid. Smart grid security features must address not only the expected deliberate attacks, but also inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. An important component of smart grid is the advanced metering infrastructure which is critical to support two-way communication of real time information for better electricity generation, distribution and consumption. These reasons makes security a prominent factor of importance to AMI. In recent times, attacks on smart grid have been modelled using attack tree. Attack tree has been extensively used as an efficient and effective tool to model security threats and vulnerabilities in systems where the ultimate goal of an attacker can be divided into a set of multiple concrete or atomic sub-goals. The sub-goals are related to each other as either AND-siblings or OR-siblings, which essentially depicts whether some or all of the sub-goals must be attained for the attacker to reach the goal. On the other hand, as a security professional one needs to find out the most effective way to address the security issues in the system under consideration. It is imperative to assume that each attack prevention strategy incurs some cost and the utility company would always look to minimize the same. We present a cost-effective mechanism to identify minimum number of potential atomic attacks in an attack tree.

Cyber-Physical Systems (CPS) represent a fundamental link between information technology (IT) systems and the devices that control industrial production and maintain critical infrastructure services that support our modern world. Increasingly, the interconnections among CPS and IT systems have created exploitable security vulnerabilities due to a number of factors, including a legacy of weak information security applications on CPS and the tendency of CPS operators to prioritize operational availability at the expense of integrity and confidentiality. As a result, CPS are subject to a number of threats from cyber attackers and cyber-physical attackers, including denial of service and even attacks against the integrity of the data in the system. The effects of these attacks extend beyond mere loss of data or the inability to access information system services. Attacks against CPS can cause physical damage in the real world. This paper reviews the challenges of providing information assurance services for CPS that operate critical infrastructure systems and industrial control systems. These methods are thorough measures to close integrity and confidentiality gaps in CPS and processes to highlight the security risks that remain. This paper also outlines approaches to reduce the overhead and complexity for security methods, as well as examine novel approaches, including covert communications channels, to increase CPS security.