Abstract
The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this, we propose a methodology for estimating the mean time-to-compromise (MTTC) of a target device or network as a comparative metric. A topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM). We then employ an SSM based on models used in the biological sciences to predict animal behavior in the context of predator-prey relationships. Markov chains identify predominant attacker strategies, which are used to build the MTTC intervals that can be compared for a broad range of mitigating actions. This allows security architects and managers to intelligently select the most effective solution, based on the lowest cost/MTTC ratio that still exceeds a benchmark level.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Leversage, D.J., Byres, E.J. (2007). Comparing Electronic Battlefields: Using Mean Time-To-Compromise as a Comparative Security Metric. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_18
DOI: https://doi.org/10.1007/978-3-540-73986-9_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73985-2
Online ISBN: 978-3-540-73986-9
eBook Packages: Computer Science (R0)