Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Docsity AI
Docsity AI
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search for your university

Find the specific documents for your university's exams

Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

Scalable and Adaptable Security Modelling and Analysis, Thesis of Computer Science

Dr. Bhim Rao Ambedkar UniversityComputer Science

Existing security models suffer from security problem. This thesis aims to develop security models that can scale to large number of network components

Typology: Thesis

2016/2017

Uploaded on 05/27/2017

sreeram-r
sreeram-r 🇮🇳

5

(2)

3 documents

1 / 232

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Scalable and Adaptable Security Modelling and
Analysis
A thesis
submitted in partial fulfilment
of the requirements for the Degree
of
Doctor of Philosophy
in the
University of Canterbury
by
Jin Bum Hong
Supervision and Examining Committee
Dr. Dong Seong Kim Supervisor
Prof. Yang Xiang External Examiner
Prof. Paul Watters External Examiner
Department of Computer Science and Software Engineering
University of Canterbury
2015
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download Scalable and Adaptable Security Modelling and Analysis and more Thesis Computer Science in PDF only on Docsity!

Scalable and Adaptable Security Modelling and

Analysis

A thesis

submitted in partial fulfilment

of the requirements for the Degree

of

Doctor of Philosophy

in the

University of Canterbury

by

Jin Bum Hong

Supervision and Examining Committee Dr. Dong Seong Kim Supervisor Prof. Yang Xiang External Examiner Prof. Paul Watters External Examiner

Department of Computer Science and Software Engineering

University of Canterbury

models. The complexity analysis showed that the hierarchical security model has better or equivalent complexities in all phases of the lifecycle in comparison to existing security models, while the performance analysis showed that in fact it is much more scalable in practical network scenarios. To achieve goal (ii), security assessment methods based on importance mea- sures are developed. Network centrality measures are used to identify important hosts in the networked systems, and security metrics are used to identify important vulnerabilities in the host. Also, new network centrality measures are developed to improvise the lack of accuracy of existing network centrality measures when the attack scenarios consist of attackers located inside the networked system. Im- portant hosts and vulnerabilities are identified using efficient algorithms with a polynomial time complexity, and the accuracy of these algorithms are shown as nearly equivalent to the naive method through experiments, which has an expo- nential complexity. To achieve goal (iii), unknown attacks are incorporated into the hierarchical security model and the combined effects of both known and unknown attacks are analysed. Algorithms taking into account all possible attack scenarios associ- ated with unknown attacks are used to identify significant hosts and vulnerabili- ties. Approximation algorithms based on dynamic programming and greedy al- gorithms are also developed to improve the performance. Mitigation strategies to minimise the effects of unknown attacks are formulated on the basis of significant hosts and vulnerabilities identified in the analysis. Results show that mitigation strategies formulated on the basis of significant hosts and vulnerabilities can sig- nificantly reduce the system risk in comparison to randomly applying mitigations. In summary, the contributions of this thesis are: (1) the development and eval- uation of the hierarchical security model to enhance the scalability and adapt- ability of security modelling and analysis; (2) a comparative analysis of security models taking into account scalability and adaptability; (3) the development of security assessment methods based on importance measures to identify important hosts and vulnerabilities in the networked system and evaluating their efficien- cies in terms of accuracies and performances; and (4) the development of security analysis taking into account unknown attacks, which consists of evaluating the combined effects of both known and unknown attacks.

Publications Arising from this Thesis

Much of the work contained in this thesis has been published or submitted in peer-reviewed conferences and journals listed below. Unpublished work and preprint versions are included in the appendicies. Each publications are noted in parentheses for the corresponding chapters.

  1. Hong, J. and Kim, D.; “HARMs: Hierarchical Attack Representation Mod- els for Network Security Analysis” in Proc. of the 10th Australian Informa- tion Security Management Conference in SECAU Security Congress (SE- CAU 2012), Dec. 2012. Perth, Australia, 74-81. (Chapters 2 and 3)
  2. Hong, J. and Kim, D.; “Performance analysis of scalable attack represen- tation models” in Proc. of the 28th IFIP TC-11 International Information Security and Privacy Conference (SEC 2013), Jul. 2013. Auckland, New Zealand, 330-343. (Chapter 4)
  3. Hong, J. and Kim, D. and Takaoka, T.; “Scalable Attack Representation Model Using Logic Reduction Techniques” in Proc. of the 12th IEEE In- ternational Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2013), Jul. 2013. Melbourne, Australia, 404 -
    1. (Chapter 2)
  4. Hong, J. and Kim, D.; “Scalable Security Analysis in Hierarchical Attack Representation Model using Centrality Measures” in Proc. of the 43rd An- nual IEEE/IFIP International Conference on Dependable Systems and Net- works Workshop (DSNW 2013), Jun. 2013. Budapest, Hungary, 1 - 8. (Chapter 7)
  5. Hong, J. and Kim, D.; “Scalable Security Model Generation and Analysis using k-importance Measure” in Proc. of the 9th International Conference on Security and Privacy in Communication Networks (SecureComm 2013), Sep 2013. Sydney, Australia, 270-287. (Chapters 3 and 6)

Acknowledgments

I would like to express my gratitude to everyone who supported me throughout the period of creating this thesis in my life. It would have been impossible to complete this thesis without their support, encouragement, and guidance. First of all, thank you to my supervisor, Dr. Dong-Seong Kim, for your guid- ance, support, encouragement, and wisdom throughout the research process. You have enlightened me with many groundbreaking ideas that form the skeleton of this thesis, and I most certainly could not have completed this project without you. Thanks also to Professor Tadao Takaoka, my co-supervisor, for your vast knowledge in algorithms, as well as for continuously checking my progress and providing moral support for all these years. Thanks to senior research advisors of NRG and SRG, Professor Kryzsztof Pawlikowski, Dr. Andreas Willig, Dr. Greg Ewing, and Professor Don McNickle, for your guidance and technical discussions that further enriched the completeness of this thesis. Thanks to my parents for raising me here in New Zealand, where I have learned to be open minded and independent through good times and rough times. Thanks to JK and Jen for being a lovely brother and sister, I definitely enjoy times talking about other (very random) topics than computers. Thank you Hannah Vu, for supporting me during my research, for your efforts of comforting me when I am stressed, for your ever so delicious home-made food, and finally for all the good and rough times we went through together, as well as ones to come. I would have never been the same without you. Thank you to my DS lab, as well as NRG and SRG colleagues (Fangcheng (T), Saima, Ehsan, and Amir) for many interesting talks and discussions. Finally, thank you to all others that I received guidance, idea, and support from. Your valuable time spent has made a significant contribution to this thesis. This thesis was partially funded by the Todd Foundation Awards for Excel- lence and the G B Battersby-Trimble Scholarship. Financial support for confer- ence travel was partially provided by the Claude McCarthy Fellowship.

vii

Appendix A: Submitted Publication: Security Assessment and Miti- gation of Unknown Attacks 213

Appendix B: Draft Publication: Performance Analysis of Graph-based Security Models 227

Appendix C: Draft Publication: Assessing the Effectiveness of Moving Target Defenses using Security Models 253

Appendix D: Draft Publication: Survey of Graph-based and Tree-based Security Models 269

vi

5.6 Performance comparison between AG and HARM when deploy-

List of Tables

  • Chapter 1: Introduction List of Tables xi
    • 1.1 Research Goals
    • 1.2 Research Contributions
    • 1.3 Thesis Structure
  • I Introduction to Hierarchical Security Models
  • Chapter 2: Hierarchical Security Model (HARM)
    • 2.1 Security Models and Their Developments
    • 2.2 A Need for a Scalable and Adaptable Security Model
      • 2.2.1 An Example Networked System
    • 2.3 Formalism of the HARM
      • 2.3.1 Formalism of the HARM structures
      • 2.3.2 Formalism of the HARM transformations
    • 2.4 Tools and Methods to Generate Security Models
    • 2.5 Security Analysis using the HARM
      • 2.5.1 Security Analysis of Graph-based Security Models
      • 2.5.2 Security Analysis of Tree-based Security Models
    • 2.6 Summary
  • II Comparative Analysis of Security Models
  • Chapter 3: Complexity Analysis
    • 3.1 Complexity Analysis of the Generation Phase
      • 3.1.1 Generating AG, AT, and HARM
      • 3.1.2 Generating Other Security Models
    • 3.2 Complexity Analysis of the Representation Phase
      • 3.2.1 Representing AG, AT, and HARM
      • 3.2.2 Representing Other Security Models
    • 3.3 Complexity Analysis of the Evaluation Phase
      • 3.3.1 Evaluating AG, AT, and HARM
      • 3.3.2 Evaluating Other Security Models
    • 3.4 Complexity Analysis of the Modification Phase
      • 3.4.1 Modifying AG, AT, and HARM
      • 3.4.2 Modifying Other Security Models
    • 3.5 Structural Advantages of the HARM
    • 3.6 Conclusions
  • Chapter 4: Scalability Analysis
    • 4.1 Key Questions to Compare Scalability
      • 4.1.1 Generation Phase
      • 4.1.2 Evaluation Phase
    • 4.2 Simulation Results
      • 4.2.1 Experiment 4A: Simple Network Topologies
      • 4.2.2 Experiment 4B: Combined Network Topologies
    • 4.3 Discussions
      • 4.3.1 Scalability of Security Models in the Lifecycle Phases
      • 4.3.2 Network Structure and Attack Scenarios
      • 4.3.3 Real Testbed Experiments
      • 4.3.4 Comparisons with Other Security Models
      • 4.3.5 Differences between the AG and HARM
      • 4.3.6 Security Evaluation and Overhead
    • 4.4 Conclusions
  • Chapter 5: Adaptability Analysis
    • 5.1 Preliminaries
      • 5.1.1 A Virtualised System
      • 5.1.2 Categorising the MTD techniques
      • 5.1.3 Securing attack paths
      • 5.1.4 Computing the Importance Measures
    • 5.2 Shuffle
      • 5.2.1 Incorporating only Shuffle in the HARM
      • 5.2.2 Assessing the Effectiveness of Shuffle
      • 5.2.3 Experiment 5A: Analysing Shuffle
    • 5.3 Diversity
      • 5.3.1 Incorporating only Diversity in the HARM
      • 5.3.2 Assessing the Effectiveness of Diversity
      • 5.3.3 Experiment 5B: Analysing Diversity
    • 5.4 Redundancy
      • 5.4.1 Assessing the Effectiveness of Redundancy
      • 5.4.2 Experiment 5C: Analysing Redundancy
    • 5.5 Discussion
      • 5.5.1 Validation using a Real System
      • 5.5.2 Incorporating Various Vulnerabilities
      • 5.5.3 Optimisation of the IMs w.r.t the MTD techniques
      • 5.5.4 Optimisation between performance and security metrics
      • 5.5.5 Combining multiple MTD techniques
    • 5.6 Related Work on MTD Techniques
    • 5.7 Conclusions
  • III Importance Measure based Security Assessments
  • Chapter 6: Attacker Located Outside the Networked System
    • 6.1 Computing IMs
      • 6.1.1 Ranking Important Hosts
      • 6.1.2 Ranking Important Vulnerabilities
      • 6.1.3 Generating the HARM
    • 6.2 Security Analysis using IMs
      • 6.2.1 Risk Analysis using IMs
    • 6.3 Combining the Importance Measures
      • 6.3.1 Security Analysis using the ES Method
      • 6.3.2 Security Analysis using the Combined IMs
    • 6.4 Simulation Results
      • 6.4.1 Experiment 6A: Effectiveness of IMs
      • 6.4.2 Experiment 6B: Effectiveness of Combined IMs
    • 6.5 Discussion
      • 6.5.1 Vulnerabilities without security metrics
      • 6.5.2 Categorised vulnerability ranking
      • 6.5.3 Network features for k 1 selection
      • 6.5.4 Attack on less important hosts and vulnerabilities
      • 6.5.5 Adjusting the weight between host and vulnerability IMs
      • 6.5.6 Order of vulnerabilities in the PSV
    • 6.6 Related Work on Scalable Security Analysis
    • 6.7 Conclusions
  • Chapter 7: Attacker Located Inside the Networked System
    • 7.1 Security Analysis with Existing IMs
      • 7.1.1 Comparing against the ES method
    • 7.2 Location-based IMs
    • 7.3 Simulation Results
      • 7.3.1 Experiment 7A: Attacker Outside the Networked System
      • 7.3.2 Experiment 7B: Attacker Inside the Networked System
      • 7.3.3 Experiment 7C: Scalability of IMs
    • 7.4 Discussion
      • 7.4.1 Combinations of NCMs
      • 7.4.2 Combining NCMs with Vulnerabilities
      • 7.4.3 Multiple Target Hosts and Locations
    • 7.5 Related Work on Using Network Centrality Measures
    • 7.6 Conclusions
  • IV Effects of Unknown Attacks
  • Chapter 8: Security Assessment of Unknown Attacks
    • 8.1 Security Modelling of unVIP
      • 8.1.1 Classification of Unknown Attacks
      • 8.1.2 An Example Networked System and Attack Scenarios
      • 8.1.3 Incorporate unVIP into the Security Model
    • 8.2 Security Analysis of Systems with unVIP
      • 8.2.1 Security Analysis without unVIP
      • 8.2.2 Security Analysis with unVIP
    • 8.3 unVIP Mitigation Strategies
      • 8.3.1 All Possible Attack Scenarios
      • 8.3.2 Identification of Significant Hosts
      • 8.3.3 Identification of Significant Vulnerabilities
    • 8.4 Experimental Results
      • 8.4.1 Security Analysis
      • 8.4.2 Performance Analysis
    • 8.5 Discussion
      • 8.5.1 unVIP Mitigation Strategies and Effectiveness
      • 8.5.2 Implementation in a Real Testbed
      • 8.5.3 Security Metrics for Assessing Unknown Attacks
    • 8.6 Related Work on Security Assessment of Unknown Attacks
    • 8.7 Conclusions
  • V General Discussion and Conclusions
  • Chapter 9: Discussion
    • 9.1 Research Objectives
    • 9.2 Limitations and Future Work
      • 9.2.1 Properties of the HARM
      • 9.2.2 Scalability and Adaptability
      • 9.2.3 Security Analysis using the HARM
      • 9.2.4 Assessing the Effectiveness of Unknown Attacks
      • 9.2.5 Unknown Attack Modelling
  • Chapter 10: Conclusions
  • References
  • Appendices
  • 5.3 Migration of VMs in the Upper Layer of the HARM
  • 5.4 A CloudBand Model for Simulation
  • 5.5 HARM of the CloudBand Model with five VMs on Each Node
    • ing a VM-LM
    • ploying a VM-LM 5.7 Comparison between the ES method and using the IMs when de-
  • 5.8 Possible Lower Layer ATs for V M 1 with OS Diversity
  • 5.9 An Example Virtualised System for DAP
  • 5.10 OS diversity assignments for our example
  • 5.11 ECC and Risk Changes with Respect to the Number of Nodes
  • 5.12 ECC and Risk Changes with Respect to the Network Density
  • 5.13 ECC and Risk Changes with Respect to the Number of Variants
  • 5.14 Deploying Redundancy Technique in the Virtualised System
    • dancy 5.15 Various Probability of the Attack Success with Respect to Redun-
  • 5.16 Mean-Time-To-Attack with Respect to Redundancy
  • 5.17 Risk and Availability with Respect to Redundancy
  • 6.1 The 2-HARM of the Example Networked System
  • 6.2 The ReHARM of the Example Networked System
  • 6.3 ES Method using the Risk Metric
  • 6.4 Performance of Security Analysis using k 1 values
  • 6.5 Performance of Security Analysis using k 2 values
  • 7.1 Performance of NCMs
  • 7.2 A Networked System for the Second Simulation
  • 7.3 Performance of NCMs with an Inside Attacker
  • 7.4 Performance using AVNC Measures
  • 7.5 Attack Scenario Covering Half of Networked system Hosts
  • 7.6 Evaluation Time for NCMs
  • 8.1 unVIP Attack Scenarios in the Example Networked System
  • 8.2 HARM of the Example Networked System
  • 8.3 Incorporating unVIP in the HARM
  • 8.4 Pseudocode to Analyse all unVIP Scenarios
  • 8.5 Identifying Significant Hosts Algorithm
  • 8.6 Identifying Significant Hosts Approximation Algorithm
  • 8.7 Security Analysis After Hardening a Host in the Networked System
  • 8.8 Identifying Significant Vulnerabilities Algorithm
  • 8.9 Identifying Known Vulnerabilities Approximation Algorithm
  • 8.10 The Networked System for Simulations
  • 8.11 Security Analysis of the Networked System with only UV/UI
  • 8.12 unVIP assumed only in the IN Subnet
  • 8.13 Effect of Patching Vulnerabilities in the Networked System
  • 8.14 UVs in Respect to the System Risk
  • 8.15 Effect of Varying Number of UVs
  • 8.16 Effect of Varying Number of Known Vulnerabilities
  • 2.1 Application of Metrics for Security Models
  • 2.2 Security Models used in Various System Domains
  • 2.3 OS used in Hosts
  • 2.4 Windows 7 Vulnerabilities
  • 2.5 Redhat Enterprise Linux Vulnerabilities
  • 3.1 Computational Complexities of Phases in Security Model Lifecycle
  • 4.1 Answers to Key Questions in the Generation Phase
  • 4.2 Answers to Key Questions in the Evaluation Phase
  • 5.1 Categories of MTD Techniques
  • 5.2 NCMs and Ranking Important VMs
  • 5.3 Total Attack Cost of deploying OS Diversity (in unit dollars)
  • 5.4 System Risk, Reliability and Probability using Redundancy
  • 6.1 NCMs of Hosts in the Example Networked System
  • 6.2 Vulnerability Rankings of W7 Hosts
  • 6.3 Vulnerability Rankings of REL Hosts
  • 6.4 Risk Analysis of Attack Paths
  • 6.5 Risk analysis of attack paths using ReHARM
  • 6.6 Risk-based PSV using the ES Method
  • 6.7 Attack Cost based PSV using the ES Method
  • 6.8 A List of PSV using the TD Method
  • 6.9 A List of PSV using the BU Method
  • 6.10 A List of PSV using the HB Method
  • 6.11 Security Analysis using k 1 values (k 2 = 10)
  • 6.12 Security analysis using k 2 values (k 1 = 1000)
  • 6.13 Comparison of Naive and Optimal Solutions
  • 6.14 Time to Compute the PSV (in seconds)
  • 6.15 Set Coverage in Scenario 3, k =
  • 6.16 Set Coverage in Scenario 4, k = 0 .25
  • 6.17 Set Coverage in Scenario
  • 7.1 Occurrence of Hosts in All Possible Attack Paths
  • 7.2 Occurrence of Vulnerabilities in Attack Paths
  • 7.3 Ranking of Hosts based on AVC Measures
  • 8.1 Details of Hosts
  • 8.2 Possible Attack Scenarios
  • 8.3 System Risk with Two UVs
  • 8.4 Significant Hosts of the Example Networked System
  • 8.5 Arbitrarily Assumed Vulnerabilities
  • 8.6 Significant Vulnerabilities of the Example Networked System