MulVAL extensions II

PDF

Authors
  1. Froh, M.
  2. Henderson, G.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN);Bell Security Solutions Inc, Ottawa Ont (CAN)
Abstract
A Logic-based Network Security Analyzer is a general networked system tool that reasons on multi-stage, multi-host attack paths. This work proposes extensions to MulVAL that are needed in order to have MulVAL reason on exposed critical resources in support of computer network defence situational awareness. Extensions are proposed to model high-level mission centric IT Services. These services are then mapped onto MulVAL using a simple dependency model. The concept of safeguard effectiveness and safeguard vulnerability is introduced, which will model the additional work effort required for an attacker to circumvent the safeguard. A proposed risk approximation for MulVAL is defined as a function of the variables WorkFactor, AttackConsequence, and AssetValue. This function and its values will need to be developed heuristically. The calculation of risk will allow the ranking of MulVAL generated attack paths to provide better reasoning on exposed critical resources.

Il y a un résumé en français ici.

Report Number
DRDC-OTTAWA-CR-2009-132 — Contractor Report
Date of publication
01 Aug 2009
Number of Pages
90
DSTKIM No
CA032869
CANDIS No
532083
Format(s):
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: