Published: December 10, 2010
Author(s)
Lingyu Wang (Concordia University), Sushil Jajodia (GMU), Anoop Singhal (NIST), Steven Noel (GMU)
Conference
Name: 15th European Symposium on Research in Computer Security (ESORICS 2010)
Dates: 09/20/2010 - 09/22/2010
Location: Athens, Greece
Citation: Computer Security - ESORICS 2010, vol. 6345, pp. 573-587
The security risk of a network against unknown zero day attacks has been considered as something unmeasurable since software flaws are less predictable than hardware faults and the process of finding such flaws and developing exploits seems to be chaotic [10]. In this paper, we propose a novel security metric, k-zero day safety, based on the number of unknown zero day vulnerabilities. That is, the metric simply counts how many unknown vulnerabilities would be required for compromising a network asset, regardless of what vulnerabilities those might be. We formally define the metric based on an abstract model of networks and attacks. We then devise algorithms for computing the metric. Finally, we show the metric can quantify many existing practices in hardening a network.
Keywords
attack graphs; network security; security metrics
Control Families
None selected