The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures

IEEE Systems Journal

Volumn 7, Issue 3, 2013, Pages 363-373

  Sommestad, Teodor ^a   Ekstedt, Mathias ^a   Holm, Hannes ^a  

^a ROYAL INSTITUTE OF TECHNOLOGY   (Sweden)

Author keywords

Computer security; expert systems; risk analysis; supervisory control and data acquisition (SCADA) systems

Indexed keywords

COMPONENT LEVELS; ENTERPRISE SYSTEM; MODELING LANGUAGES; PROBABILISTIC INFERENCE; SECURITY DOMAINS; SECURITY PROFESSIONALS; SUPERVISORY CONTROL AND DATAACQUISITION SYSTEMS (SCADA); SYSTEM ARCHITECTURES;

EXPERT SYSTEMS; INDUSTRY; RISK ANALYSIS; SCADA SYSTEMS; SECURITY OF DATA; SECURITY SYSTEMS;

NETWORK SECURITY;

EID: 84880572592     PISSN: 19328184     EISSN: 19379234     Source Type: Journal    
DOI: 10.1109/JSYST.2012.2221853     Document Type: Article

References (66)

1. T. Sommestad, M. Ekstedt, and P. Johnson, "A probabilistic relational model for security risk analysis," Comput. Security, vol. 29, no. 6, pp. 659-679, Mar. 2010.
2. B. Taskar et al., "Probabilistic relational models," in Introduction to Statistical Relational Learning, L. Getoor and B. Taskar, Eds. Cambridge, MA: MIT Press, 2007, pp. 129-175.
3. V. Verendel, "Quantified security is a weak hypothesis: A critical survey of results and assumptions," in Proc. New Security Paradigms Workshop, 2009, pp. 37-49.
4. "Information Technology-Security Techniques-Information Security Management Measurements, ISO/IEC 27004, ISO/IEC, Geneva, Switzerland, 2009.
5. M. Swanson et al., "Security metrics guide for information technology systems," National Instit. Standards Technol., NIST Special Publication 800-55, Gaithersburg, MD, 2003.
6. B. Schneier, "Attack trees: Modeling security threats," Dr. Dobb's J., Dec. 1999 [Online]. Available: http://www.drdobbs.com/attacktrees/ 184411129?queryText=%2522attack%2Btree%2522
7. S. Bistarelli, F. Fioravanti, and P. Peretti, "Defense trees for economic evaluation of security investments," in Proc. 1st Int. Conf. Availability Reliability Security, 2006, pp. 416-423. (Pubitemid 44732672)
8. L. Piètre-Cambacédès and M. Bouissou, "Beyond attack trees: Dynamic security modeling with Boolean logic driven Markov processes (BDMP)," in Proc. Eur. Dependable Comput. Conf., 2010, pp. 199-208.
9. M. S. Lund, B. Solhaug, and K. Stolen, Model-Driven Risk Analysis: The CORAS Approach. Berlin, Germany: Springer-Verlag, 2011.
10. H. Mouratidis, P. Giorgini, G. Manson, and I. Philp, "A natural extension of Tropos methodology for modelling security," in Proc. Agent Oriented Methodol. Workshop, 2002, pp. 1-10.
11. R. Breu, F. Innerhofer-Oberperfler, and A. Yautsiukhin, "Quantitative assessment of enterprise security system," in Proc. 3rd Int. Conf. Availability Reliab. Security, Mar. 2008, pp. 921-928.
12. H. Pardue, J. Landry, and A. Yasinsac, "A risk assessment model for voting systems using threat trees and Monte Carlo simulation," in Proc. 1st Int. Workshop Requirements Eng. e-Voting Syst. (RE-VOTE'09), 2010, pp. 55-60.
13. H. Pardue, J. P. Landry, and A. Yasinsac, "E-voting risk assessment," Int. J. Inform. Security Privacy, vol. 5, no. 3, pp. 19-35, 2011.
14. P. Mell, K. Scarfone, and S. Romanosky, A Complete Guide to the Common Vulnerability Scoring System (CVSS), Version 2.0, Forum of Incident Response and Security Teams, 2007.
15. M. A. McQueen, W. F. Boyer, M. A. Flynn, and G. A. Beitel, Quality of Protection, vol. 23. Boston, MA: Springer, 2006, pp. 49-64.
16. E. Johansson, "Assessment of enterprise information security: How to make it credible and efficient," Ph.D. dissertation, Dept. Ind. Inform. Control Syst., Royal Instit. Technol., Stockholm, Sweden, 2005.
17. T. Heberlein et al. (2012, Mar. 21). A Taxonomy for Comparing Attack-Graph Approaches [Online]. Available: http://netsq.com/Documents/ AttackGraphPaper.pdf.
18. S. Roschke et al., "Toward unifying vulnerability information for attack graph construction," in Proc. 12th Int. Conf. Information Security, 2009, p. 233.
19. L. P. Swiler et al., "Computer-attack graph generation tool," in Proc. DARPA Inform. Survivability Conf. Expo. II (DISCEX), 2000, pp. 307-321.
20. O. M. Sheyner, "Scenario graphs and attack graphs," Ph.D. dissertation, Comput. Sci. Dept., Carnegie Mellon Univ., Pittsburgh, PA, 2004.
21. R. Lippmann, "Netspa: A network security planning architecture," M.Eng. thesis, Dept. Electr. Eng. Comput. Sci., Massachusetts Instit. Technol., Cambridge, MA, 2002.
22. R. Lippmann et al., "Validating and restoring defense in depth using attack graphs," in Proc. MILCOM, 2006, p. 10.
23. J. Homer et al., "A sound and practical approach to quantifying security risk in enterprise networks," Comput. Inform. Sci. Dept., Kansas State Univ., Tech. Rep., 2010.
24. S. Noel et al., Advances in Topological Vulnerability Analysis. Washington D.C.: IEEE, 2009, pp. 124-129.
25. R. P. Lippmann and L. L. C. Williams, "GARNET: A graphical attack graph and reachability network evaluation tool," in Visualization for Computer Security, K. Prole, Ed. Heidelberg/Berlin, Germany: Springer, 2008, pp. 44-59.
26. M. Chu et al., "Visualizing attack graphs, reachability, and trust relationships with NAVIGATOR," in Proc.7th Int. Symp. Visualization Cyber Security, 2010, pp. 22-33.
27. R. Sawilla and X. Ou, "Identifying critical attack assets in dependency attack graphs," in Proc. 13th Eur. Symp. Res. Comput. Security, 2008, pp. 18-34.
28. H. Holm et al., "A quantitative evaluation of vulnerability scanning," Inform. Manage. Comput. Security, vol. 19, no. 4, pp. 231-247, 2011.
29. K. Stouffer, J. Falco, and K. Kent, "Guide to industrial control systems (ICS) security recommendations of the National Institute of Standards and Technology," NIST Special Publication 800-82, Gaithersburg, MD, 2008.
30. K. Ingols et al., "Modeling modern network attacks and countermeasures using attack graphs," in Proc. Annu. Comput. Security Appl. Conf., 2009, pp. 117-126.
31. F. Jensen, Bayesian Networks and Decision Graphs. Secaucus, NJ: Springer, 2001.
32. R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. New York: Wiley, 2008.
33. J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms," ACM SIGCOMM Comput. Commun. Rev., vol. 34, no. 2, p. 39, Apr. 2004.
34. MITRE Corporation (2012, Mar. 21). The Common Attack Pattern Enumeration and Classification [Online]. Available: http://capec.mitre.org/
35. J. Wilander and M. Kamkar, "A comparison of publicly available tools for dynamic buffer overflow prevention," in Proc. 10th Network Distributed Syst. Security Symp., 2003, pp. 149-162.
36. C. Cowan et al., "Buffer overflows: Attacks and defenses for the vulnerability of the decade," in Foundations of Intrusion Tolerant Systems, 2003
37. [Organically Assured and Survivable Information Systems]. Hilton Head, SC: IEEE, 2003, pp. 227-237.
38. N. Frykholm, "Countermeasures against buffer overflow attacks," RSA Tech. Note, 2000, pp. 1-9.
39. I. Simon. (2012, Mar. 21). A Comparative Analysis of Methods Defense Against Buffer Overflow Attacks [Online]. Available: http://www.mcs. csuhayward.edu/\?simon/security/boflo.html
40. Y. Younan, "Efficient countermeasures for software vulnerabilities due to memory management errors," Ph.D. dissertation, Dept. Computerwetenschappen, Katholieke Univ. Leuven, Leuven, Belgium, 2008.
41. S. Marechal, "Advances in password cracking," J. Comput. Virol., vol. 4, no. 1, pp. 73-81, 2007. (Pubitemid 351207809)
42. M. Dell' Amico et al., "Password strength: An empirical analysis," in Proc. IEEE INFOCOM, 2010, pp. 1-9.
43. J. A. Cazier and B. D. Medlin, "Password security: An empirical investigation into e-commerce passwords and their crack times," Inform. Syst. Security, vol. 15, no. 6, pp. 45-55, Dec. 2006.
44. Free Rainbow Tables. (2012, Mar. 3) [Online]. Available: http://www. freerainbowtables.com/
45. J. McHugh, "Testing intrusion detection systems: A critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory," ACM Trans. Inf. Syst. Security, vol. 3, no. 4, pp. 262-294, Nov. 2000.
46. A. Ozment, "Improving vulnerability discovery models," in Proc. ACM Workshop Quality Protection, 2007, pp. 6-11.
47. T. Sommestad, H. Holm, and M. Ekstedt, "Effort estimates for vulnerability discovery projects," in Proc. 45th Hawaii Int. Conf. Syst. Sci., 2012, pp. 5564-5573.
48. T. Sommestad, H. Holm, and M. Ekstedt, "Estimates of success rates of remote arbitrary code execution attacks," Inform. Manage. Comput. Security, vol. 20, no. 2, pp. 107-122, 2012.
49. T. Sommestad, H. Holm, and M. Ekstedt, "Estimates of success rates of denial-of-service attacks," in Proc. TrustCom, 2011, pp. 21-28.
50. T. Sommestad et al., "Quantifying the effectiveness of intrusion detection systems in operation through domain experts," to be published.
51. R. Cooke, "TU Delft expert judgment data base," Reliab. Eng. Syst. Safety, vol. 93, no. 5, pp. 657-674, May 2008.
52. T. Sommestad, "Exploiting network configuration mistakes: Practitioners self-assessed success rate," Royal Instit. Technol., Tech. Rep. TRITA-EE 2011:069, Stockholm, Sweden, 2011.
53. T. Sommestad et al., "Security mistakes in information system deployment projects," Inform. Manage. Comput. Security, vol. 19, no. 2, pp. 80-94, 2011.
54. A. Wool, "A quantitative study of firewall configuration errors," Computer, vol. 37, no. 6, pp. 62-67, Jun. 2004.
55. J. R. Jacobs, Measuring the Effectiveness of the USB Flash Drive as a Vector for Social Engineering Attacks on Commercial and Residential Computer Systems, Embry Riddle Aeronautical Univ., Hickam AFB, HI, 2011.
56. S. Stasiukonis, "Social engineering, the USB way," Dark Reading, Manhasset, NY, June 7, 2006.
57. T. N. Jagatic et al., "Social phishing," Commun. ACM, vol. 50, no. 10, pp. 94-100, Mar. 2007. (Pubitemid 47505005)
58. R. Dodge and A. Ferguson, "Using phishing for user email security awareness," in Security and Privacy in Dynamic Environments, vol. 201, S. Fischer-Hübner, K. Rannenberg, L. Yngström, and S. Lindskog, Eds. Boston, MA: Springer, 2006, pp. 454-459. (Pubitemid 44920678)
59. M. Buschle. (2012. Mar. 21). KTH The Enterprise Architecture Tool [Online]. Available: http://www.kth.se/ees/omskolan/organisation/avdelningar/ ics/research/eat
60. R. M. O'Keefe and D. E. O'Leary, "Expert system verification and validation: A survey and tutorial," Artif. Intell. Rev., vol. 7, no. 1, pp. 3-42, Feb. 1993.
61. M. Buschle, J. Ullberg, U. Franke, R. Lagerström, and T. Sommestad, "A tool for enterprise architecture analysis using the PRM Formalism," in Information Systems Evolution, vol. 72, P. Soffer and E. Proper, Eds. Berlin/Heidelberg, Germany: Springer, 2011, pp. 108-121.
62. M. J. Druzdzel, "GeNIe: A development environment for graphical decision-analytic models," in Proc. Ann. Symp. American Medical Informatics Assoc., 1999, p. 1206.
63. R. Agarwal, R. Kannan, and M. Tanniru, "Formal validation of a knowledge-based system using a variation of the Turing test," Expert Syst. Appl., vol. 6, no. 2, pp. 181-192, Apr. 1993. (Pubitemid 23680020)
64. M. Österlind, Validering av vektyget Enterprise Architecture Tool. Dept. Ind. Inform. Control Syst., Royal Instit. Technol. (KTH), 2011.
65. M. Buschle, H. Holm, T. Sommestad, M. Ekstedt, and K. Shahzad, "A tool for automatic enterprise architecture modeling," in IS Olympics: Information Systems in a Diverse World, vol. 107, S. Nurcan, Ed. Berlin/Heidelberg, Germany: Springer, 2012, pp. 1-15.
66. D. Ahmad, "The contemporary software security landscape," IEEE Security Privacy Mag., vol. 5, no. 3, pp. 75-77, May 2007. (Pubitemid 46883440)