Towards Modelling Information Security with Key-Challenge Petri Nets

  • Conference paper
Identity and Privacy in the Internet Age (NordSec 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5838)

Abstract

Our global information society is based on distributed wide-area networks. Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network-accessible resources from unauthorized access, as well as continuous monitoring and measurement of the network security’s effectiveness. In this paper, we describe the use of Petri nets in modelling network security. We propose a new hierarchical method for modelling network attacks and evaluating effectiveness of the corresponding defences. Our model is called Key-Challenge Petri Net (KCPN).


Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kiviharju, M., Venäläinen, T., Kinnunen, S. (2009). Towards Modelling Information Security with Key-Challenge Petri Nets. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds) Identity and Privacy in the Internet Age. NordSec 2009. Lecture Notes in Computer Science, vol 5838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04766-4_14

  • DOI: https://doi.org/10.1007/978-3-642-04766-4_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04765-7

  • Online ISBN: 978-3-642-04766-4

  • eBook Packages: Computer Science, Computer Science (R0)
