1,720,963 research outputs found
Unbounded Average Risk: Risk Management and Modeling of Billing Infrastructures
No full textThis paper discusses risk modeling and risk management in information and communications technology (ICT) systems for which the attack impact distribution is heavy tailed (e.g., power law distribution) and the average risk is unbounded. Systems with these properties include billing infrastructures used to charge customers for services they access. Attacks against billing infrastructures can be classified as peripheral attacks and backbone attacks. The goal of a peripheral attack is to tamper with user bills; a backbone attack seeks to seize control of the billing infrastructure. The probability distribution of the overall impact of an attack on a billing infrastructure also has a heavy-tailed curve. This implies that the probability of a massive impact cannot be ignored and that the average impact may be unbounded – thus, even the most expensive countermeasures would be cost effective. Consequently, the only strategy for managing risk is to increase the resilience of the infrastructure by employing redundant component
CONSTRAINED FINITE STATE AUTOMATA FOR RISK ANALYSIS AND ASSESSMENT,
No full textConditional security assesses the security of an
information and communication system in a specific context. A
fundamental step of the assessment determines the threats of a
system and the attack they can implement. Constrained attack
automata are finite state automata to formally describe this step by
decomposing complex attacks into sequences of elementary attacks.
Each state of the automata corresponds to a set of components of
the system controlled by the attacker while a final state models the
success of a sequence of attacks that has enabled a threat to reach
one of its goals. Each transition of the automata can occur provided
that some constrains on the amount of computational resources, the
skills and the knowledge required to implement the corresponding
elementary attack are satisfied. To exploit these automata, each
threat is modeled in terms of the amount of computational
resources, skills and knowledge it can access. In turn, this amount is
modeled as a tuple of elements where each element belongs to a
partially ordered set. By comparing the amount of resources a threat
can access against that an attack requires, we determine whether the
threat can implement the attack. The attacks that can occur are an
input of a risk mitigation step that defines static and dynamic
countermeasures to be applied. A static countermeasure prevents
the successful execution of an attack by removing a vulnerability
and it is modeled by pruning some automata transitions. Instead,
dynamic countermeasures are modeled as actions executed as the
attack goes on to stop it. Lastly, we discuss redundancy to take into
account error or fault in countermeasure implementation
- …
