Security metrics and security assessment techniques for the computer networks on the base of the attack graphs

Background: With the advancement in the field of software development, software poses threats and risks to customers’ data and privacy. Most of these threats are persistent because security is mostly considered as a feature or a non-functional requirement, not taken into account during the software development life cycle (SDLC). Introduction: In order to evaluate the security performance of a software system, it is necessary to integrate the security metrics during the SDLC. The appropriate security metrics adopted for each phase of SDLC aids in defining the security goals and objectives of the software as well as quantify the security in the software. Methods: This paper presents systematic review and catalog of security metrics that can be adopted during the distinguishable phases of SDLC, security metrics for vulnerability and risk assessment reported in the literature for secure development of software. The practices of these metrics enable software security experts to improve the security characteristics of the software being developed. The critical analysis of security metrics of each phase and their comparison are also discussed. Results: Security metrics obtained during the development processes help to improve the confidentiality, integrity, and availability of software. Hence, it is imperative to consider security during the development of the software, which can be done with the use of software security metrics. Conclusion: This paper reviews the various security metrics that are meditated in the copious phases during the progression of the SDLC in order to provide researchers and practitioners with substantial knowledge for adaptation and further security assessment.

Multi-Aspect Security Assessment of Airport Computer Networks

AIAA Infotech@Aerospace 2010 ◽

10.2514/6.2010-3312 ◽

2010 ◽

Author(s):

Mirko Montanari ◽

Roy Campbell

Keyword(s):

Computer Networks ◽

Security Assessment

Metric Based Security Assessment

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch094 ◽

2008 ◽

pp. 1396-1415

Author(s):

James E. Goldman ◽

Vaughn R. Christie

Keyword(s):

Information Security ◽

Assessment Tool ◽

Maturity Model ◽

Security Assessment ◽

Self Assessment ◽

Security Metrics ◽

Capability Maturity ◽

Security Models ◽

Organization's Information Security ◽

Systems Security Engineering

This chapter introduces the Metrics Based Security Assessment (MBSA) as a means of measuring an organization’s information security maturity. It argues that the historical (i.e., first through third generations) approaches used to assess/ensure system security are not effective and thereby combines the strengths of two industry proven information security models, the ISO 17799 Standard and the Systems Security Engineering Capability Maturity Model (SSE-CMM), to overcome their inherent weaknesses. Furthermore, the authors trust that the use of information security metrics will enable information security practitioners to measure their information security efforts in a more consistent, reliable, and timely manner. Such a solution will allow a more reliable qualitative measurement of the return achieved through given information security investments. Ultimately, the MBSA will allow professionals an additional, more robust self-assessment tool in answering management questions similar to: “How secure are we?”

Security Assessment Methodology Based on the Semantic Model of Metrics and Data

Voprosy kiberbezopasnosti ◽

10.21681/2311-3456-2021-1-29-40 ◽

2021 ◽

pp. 29-40

Author(s):

Elena Doynikova ◽

◽

Andrey Fedorchenko ◽

Igor Kotenko ◽

Evgenia Novikova ◽

...

Keyword(s):

Information System ◽

System Analysis ◽

Semantic Analysis ◽

Data Sources ◽

Security Level ◽

Security Assessment ◽

Semantic Model ◽

Security Metrics ◽

Security Research ◽

Proposed Model

The purpose of the article: development of semantic model of metrics and data and technique for security assessment based on of this model to get objective scores of information system security. Research method: theoretical and system analysis of open security data sources and security metrics, semantic analysis and classification of security data, development of the security assessment technique based on the semantic model and methods of logical inference, functional testing of the developed technique. The result obtained: an approach based on the semantic model of metrics and data is proposed. The model is an ontology generated considering relations among the data sources, information system objects and data about them, primary metrics of information system objects and integral metrics and goals of assessment. The technique for metrics calculation and assessment of unspecified information systems security level in real-time using the proposed model is developed. The case study demonstrating applicability of the developed technique and ontology to answer security assessment questions is provided. The area of use of the proposed approach are security assessment components of information security monitoring and management systems aimed at increasing their efficiency.

Selection of countermeasures against network attacks based on dynamical calculation of security metrics

The Journal of Defense Modeling and Simulation Applications Methodology Technology ◽

10.1177/1548512917690278 ◽

2017 ◽

Vol 15 (2) ◽

pp. 181-204 ◽

Cited By ~ 4

Author(s):

Igor Kotenko ◽

Elena Doynikova

Keyword(s):

Computer Network ◽

Security Analysis ◽

Security Assessment ◽

Security Metrics ◽

Network Attacks ◽

Model Driven ◽

Analysis Technique ◽

Suggested Technique ◽

Open Standards ◽

Computer Network Attacks

This paper considers the issue of countermeasure selection for ongoing computer network attacks. We outline several challenges that should be overcome for the efficient response: the uncertainty of an attacker behavior, the complexity of interconnections between the resources of the modern distributed systems, the huge set of security data, time limitations, and balancing between countermeasure costs and attack losses. Although there are many works that are focused on the particular challenges, we suppose that there is still a need for an integrated solution that takes into account all of these issues. We suggest a model-driven approach to the security assessment and countermeasure selection in the computer networks that takes into account characteristics of different objects of assessment. The approach is based on integration with security information and event management systems to consider the dynamics of attack development, taking into account security event processing. Open standards and databases are used to automate security data processing. The suggested technique for countermeasure selection is based on the countermeasure model that was defined on the basis of open standards, the family of interrelated security metrics, and the security analysis technique based on attack graphs and service dependencies. We describe the prototype of the developed system and validate it on several case studies.

Model for evaluation of SOA security metrics using attack graphs

International Journal of Critical Computer-Based Systems ◽

10.1504/ijccbs.2010.031712 ◽

2010 ◽

Vol 1 (1/2/3) ◽

pp. 161 ◽

Cited By ~ 1

Author(s):

Jan Magott ◽

Marek Woda

Keyword(s):

Security Metrics ◽

Attack Graphs ◽

Soa Security

A Framework for Real-Time Intrusion Response in Software Defined Networking Using Precomputed Graphical Security Models

Security and Communication Networks ◽

10.1155/2020/7235043 ◽

2020 ◽

Vol 2020 ◽

pp. 1-15

Author(s):

Taehoon Eom ◽

Jin B. Hong ◽

SeongMo An ◽

Jong Sou Park ◽

Dong Seong Kim

Keyword(s):

Real Time ◽

Network Flow ◽

Software Defined Networking ◽

Cyber Attacks ◽

Security Assessment ◽

Security Metrics ◽

Intrusion Response ◽

Security Models ◽

Flow Table ◽

Attack Trees

Software defined networking (SDN) has been adopted in many application domains as it provides functionalities to dynamically control the network flow more robust and more economical compared to the traditional networks. In order to strengthen the security of the SDN against cyber attacks, many security solutions have been proposed. However, those solutions need to be compared in order to optimize the security of the SDN. To assess and evaluate the security of the SDN systematically, one can use graphical security models (e.g., attack graphs and attack trees). However, it is difficult to provide defense against an attack in real time due to their high computational complexity. In this paper, we propose a real-time intrusion response in SDN using precomputation to estimate the likelihood of future attack paths from an ongoing attack. We also take into account various SDN components to conduct a security assessment, which were not available when addressing only the components of an existing network. Our experimental analysis shows that we are able to estimate possible attack paths of an ongoing attack to mitigate it in real time, as well as showing the security metrics that depend on the flow table, including the SDN component. Hence, the proposed approach can be used to provide effective real-time mitigation solutions for securing SDN.

Exploring security metrics for electric grid infrastructures leveraging attack graphs

2016 IEEE Conference on Technologies for Sustainability (SusTech) ◽

10.1109/sustech.2016.7897148 ◽

2016 ◽

Cited By ~ 2

Author(s):

Panini Sai Patapanchala ◽

Chen Huo ◽

Rakesh B. Bobba ◽

Eduardo Cotilla-Sanchez

Keyword(s):

Electric Grid ◽

Security Metrics ◽

Attack Graphs ◽

Grid Infrastructures

Evaluation of SOA Security Metrics Using Attack Graphs

2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX ◽

10.1109/depcos-relcomex.2008.16 ◽

2008 ◽

Author(s):

Jan Magott ◽

Marek Woda

Keyword(s):

Security Metrics ◽

Attack Graphs ◽

Soa Security