Affiliation:
1. Center for Secure Information Systems George Mason University Fairfax Virginia USA
2. Palo Alto Research Center Palo Alto California USA
Abstract
AbstractFor more than a decade, the notion of attack surface has been used to define the set of vulnerable assets that an adversary may exploit to penetrate a system, and various metrics have been developed to quantify the extent of a system's attack surface. However, most approaches to tackle this problem have failed to consider the complex interdependencies that exist between the many components of a distributed system, its vulnerabilities, and its configuration parameters. In our work, building upon previous research on vulnerability metrics and on graphical models to capture such interdependencies, we propose a novel approach to evaluate the potential risk associated with exposed vulnerabilities by studying how the effect of each vulnerability exploit propagates through chains of dependencies. Our analysis goes beyond the scope of traditional attack surface metrics, and considers the depth and implications of potential attacks, leading to the definition of a new family of metrics, which we refer to as attack volume metrics. We present experimental results illustrating how the proposed metric scales for graphs of realistic sizes, and illustrate its application to real‐world testbeds.
Funder
Defense Advanced Research Projects Agency
Cited by
2 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Configuration Security;Encyclopedia of Cryptography, Security and Privacy;2024
2. Shielding Web Application against Cyber-Attacks using SIEM;2023 13th International Conference on Advanced Computer Information Technologies (ACIT);2023-09-21