Chris B. Simmons

Use of Attack Graphs in Security Systems

Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

ADAPT: A Game Inspired Attack-Defense and Performance Metric Taxonomy

Game theory has been researched extensively in network security demonstrating an advantage of modeling the interactions between attackers and defenders. Game theoretic defense solutions have continuously evolved in most recent years. One of the pressing issues in composing a game theoretic defense system is the development of consistent quantifiable metrics to select the best game theoretic defense model. We survey existing game theoretic defense, information assurance, and risk assessment frameworks that provide metrics for information and network security and performance assessment. Coupling these frameworks, we propose a game theoretic approach to attack-defense and performance metric taxonomy (ADAPT). ADAPT uses three classifications of metrics: (i) Attacker, (ii) Defender (iii) Performance. We proffer ADAPT with an attempt to aid game theoretic performance metrics. We further propose a game decision system (GDS) that uses ADAPT to compare competing game models. We demonstrate our approach using a distributed denial of service (DDoS) attack scenario.

A Holistic Game Inspired Defense Architecture

Ad-hoc security mechanisms are effective in solving the particular problems they are designed for, however, they generally fail to respond appropriately under dynamically changing real world scenarios. We discuss a novel holistic security approach which aims at providing security using a quantitative decision making framework inspired by game theory. We consider the interaction between the attacks and the defense mechanisms as a game played between the attacker and the defender. We discuss one implementation of our holistic approach, namely, game inspired defense architecture in which a game decision model decides the best defense strategies for the other components in the system.

A qualitative analysis of an ontology based issue resolution system for cyber attack management

Cyber-attacks are increasing at an alarming rate and the attackers have progressively improved in devising attacks towards specific targets. To further develop the area of cyber-attack communication, we propose an ontology based issue resolution system used to identify and defend against cyber-attacks. The issue resolution system (IRS) facilitates attack discovery and suggestive defenses for a small to medium sized organizations. We validate our IRS Ontology using qualitative study of security expert professionals and highlight future work intended to simulate the IRS in a virtual attack test environment.

Knowledge Management in Global Software Development

In todays global economy, shrinking business cycles and global competetition are changing the landscape of software development. Frequently, multiple and geographically dispersed development teams are working together on large complex software systems. The complexity of global software development (GSD) warrants investigation into practices for building highly effective geographically diverse teams. GSD introduces challenges such as physical distance, time-zone differences, and diversity of languages and cultures. Frequently, different parts of an organization might use different terms and naming schemes and may have unique ways of expressing concepts. Knowledge of dependencies between software components and a variety of technical platforms must be recognized and shared across the organization. Such a global environment requires a high degree of collaboration and knowledge sharing. The use of a flexible, user-friendly knowledge management system that allows natural language query processing across knowledge captured throughout the software development lifecycle (SDLC) is required to improve knowledge sharing and reuse. A variety of knowledge management techniques can be introduced into the SDLC to enhance the understanding and knowledge sharing between dispersed team members. Within the commercial realm, applications to capture and effectively disseminate knowledge are becoming more prevalent; however, many are specific to a business domain rather than focused on facilitating knowledge sharing across the SDLC. A high level design of a system that provides an integrated view of work products extracted from different sources in the enterprise, providing “just in times” knowledge to the user either through explicit search capabilities or through intelligence-based alerting that notifies users of new knowledge, is proposed. Our proposed KMS architecture seeks to facilitate a knowledge sharing environment by stressing ease of retrieval through natural language querying and proactive notification. The KMS should be designed to present the most relevant knowledge to the user. With knowledge stored in a variety of formats and on different technical platforms, it is imperative that a tool be provided that will be able to integrate and correlate knowledge from different sources and enable ease of extraction.