Abstract
Information systems increasingly depend on highly distributed architectures that include multiple dependencies. Even basic attacks, such as those launched by script kiddies, have drastic effects on target systems because they easily spread through existing dependencies. Unless intrusion effects are accurately assessed, response systems remain blind when selecting optimal responses. In fact, using only response costs as a basis for selecting responses is meaningless unless they are compared to intrusion costs. While conventional responses mostly cause availability impacts, intrusions affect confidentiality, integrity and availability.
This paper develops an approach to assess intrusion impacts on IT systems. It uses service dependencies as frames for propagating impacts. It goes beyond existing methods, which mostly use dependability analysis techniques. It explores service privileges as both the main targets for attackers and the tunable parameters for intrusion response. The approach presented in this paper is implemented as a simulation-based framework and demonstrated on the example of a vehicle reservation service.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kheir, N., Cuppens-Boulahia, N., Cuppens, F., Debar, H. (2010). Ex-SDF: An Extended Service Dependency Framework for Intrusion Impact Assessment. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds) Security and Privacy – Silver Linings in the Cloud. SEC 2010. IFIP Advances in Information and Communication Technology, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15257-3_14
DOI: https://doi.org/10.1007/978-3-642-15257-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15256-6
Online ISBN: 978-3-642-15257-3
eBook Packages: Computer Science, Computer Science (R0)