Cross-Layer Damage Assessment for Cyber Situational Awareness

  • Peng Liu
  • Xiaoqi Jia
  • Shengzhi Zhang
  • Xi Xiong
  • Yoon-Chan Jhi
  • Kun Bai
  • Jason Li
Chapter
Part of the Advances in Information Security book series (ADIS, volume 46)

Abstract

Damage assessment plays a very important role in securing enterprise networks and systems. Good awareness of the effects and impact of cyber attack actions enables security officers to make the right cyber defense decisions and take the right cyber defense actions. Many damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level of the software system concerned. As a result, existing damage assessment techniques and tools remain very limited in meeting the needs of comprehensive damage assessment, which should leave no "blind spots".
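As an added illustration of the "blind spot" the abstract refers to (this is not code or a method from the chapter), the following Python models a small multi-layer dependency graph built from constructed sample data and compares forward damage propagation confined to one abstraction level with propagation that is allowed to follow cross-layer edges. All node names, level tags and edges are hypothetical.

```python
"""Toy illustration of cross-layer damage propagation.

Added example, not the chapter's own method or code. A multi-layer
dependency graph (constructed sample data) is walked forward from a
compromised seed node, once with propagation confined to the seed's own
abstraction level and once with cross-layer edges followed as well.
"""
from collections import deque

# Constructed sample: each node is tagged with the abstraction level
# at which a single-level assessor would observe it.
LEVELS = {
    "proc:httpd": "os",
    "proc:app": "os",
    "file:/etc/app.conf": "os",
    "sess:42": "app",            # application-level session
    "txn:T7": "db",              # database transaction
    "txn:T9": "db",
    "row:orders#118": "db",
}

# Directed dependencies (hypothetical, as if extracted from syscall logs,
# application logs and the database transaction log).
EDGES = [
    ("proc:httpd", "proc:app"),          # os  -> os  (fork/exec)
    ("proc:app", "file:/etc/app.conf"),  # os  -> os  (file write)
    ("proc:app", "sess:42"),             # os  -> app (request handled)
    ("sess:42", "txn:T7"),               # app -> db  (transaction issued)
    ("txn:T7", "row:orders#118"),        # db  -> db  (row written)
    ("row:orders#118", "txn:T9"),        # db  -> db  (row read by later txn)
]


def propagate(seed, edges, levels, cross_layer=True):
    """Forward closure of damage from `seed` over `edges`.

    With cross_layer=False an edge is followed only when its target is at
    the same abstraction level as `seed`, which is all a single-level
    assessor can see. Returns the damaged set, seed included.
    """
    adj = {}
    for src, dst in edges:
        adj.setdefault(src, []).append(dst)
    damaged = {seed}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if not cross_layer and levels[nxt] != levels[seed]:
                continue  # invisible from the seed's level
            if nxt not in damaged:
                damaged.add(nxt)
                queue.append(nxt)
    return damaged


def blind_spots(seed, edges=EDGES, levels=LEVELS):
    """Damaged nodes a single-level assessment at `seed`'s level misses."""
    full = propagate(seed, edges, levels, cross_layer=True)
    single = propagate(seed, edges, levels, cross_layer=False)
    return full - single


if __name__ == "__main__":
    seed = "proc:httpd"
    print("single-level:", sorted(propagate(seed, EDGES, LEVELS, cross_layer=False)))
    print("cross-layer: ", sorted(propagate(seed, EDGES, LEVELS)))
    print("blind spots: ", sorted(blind_spots(seed)))
```

Seeding at the compromised web server process, the OS-level walk stops at the config file, while the cross-layer walk continues through the application session into the database and reaches two transactions and a row; those four nodes are exactly the blind spot of a single-level assessment. Seeding at a database transaction shows the converse: when every reachable node sits at one level, both walks agree.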

Keywords

Virtual Machine, Damage Assessment, Abstraction Level, Damage Propagation, Virtual Machine Monitor

Notes

Acknowledgements

This work was supported by NSF CNS-0716479, AFOSR MURI: Autonomic Recovery of Enterprise-wide Systems after Attack or Failure with Forward Correction, AFRL award FA8750-08-C-0137, and ARO MURI: Computer-aided Human Centric Cyber Situation Awareness.

Copyright information

© Springer-Verlag US 2010

Authors and Affiliations

  • Peng Liu (1)
  • Xiaoqi Jia (1)
  • Shengzhi Zhang (1)
  • Xi Xiong (1)
  • Yoon-Chan Jhi (1)
  • Kun Bai (1)
  • Jason Li (2)
  1. Pennsylvania State University, USA
  2. IAI Inc.