
Comparing Electronic Battlefields: Using Mean Time-To-Compromise as a Comparative Security Metric

  • Conference paper in Computer Network Security (MMM-ACNS 2007)

Abstract

The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this, we propose a methodology for estimating the mean time-to-compromise (MTTC) of a target device or network as a comparative metric. A topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM). We then employ an SSM based on models used in the biological sciences to predict animal behavior in the context of predator-prey relationships. Markov chains identify predominant attacker strategies, which are used to build the MTTC intervals that can be compared for a broad range of mitigating actions. This allows security architects and managers to intelligently select the most effective solution, based on the lowest cost/MTTC ratio that still exceeds a benchmark level.




Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Leversage, D.J., Byres, E.J. (2007). Comparing Electronic Battlefields: Using Mean Time-To-Compromise as a Comparative Security Metric. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_18


  • DOI: https://doi.org/10.1007/978-3-540-73986-9_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73985-2

  • Online ISBN: 978-3-540-73986-9

  • eBook Packages: Computer Science, Computer Science (R0)
