Samuel Dubus
Bell Labs
Publication
Featured research published by Samuel Dubus.
network and system security | 2010
Wael Kanoun; Nora Cuppens-Boulahia; Frédéric Cuppens; Samuel Dubus
With the growth of modern systems and infrastructures, automated and intelligent response systems become the holy grail of the security community. An interesting approach proposes to use dynamic access control policies to specify response policies for such systems. These policies should be enforced when an ongoing attack that threatens the monitored system is detected. However, existing work does not present a clear methodology to specify the response policies. In particular, the deactivation issue is not yet tackled. In this paper, we first present how to specify response policies. Second, a risk-aware framework is proposed to activate and deactivate response policies. Hence, the success likelihood of the threat, and the cumulative impact of both the threat and the response, are all considered.
conference on risks and security of internet and systems | 2011
Sammy Haddad; Samuel Dubus; Artur Hecker; Teemu Kanstrén; Bertrand Marquet; Reijo Savola
Measuring and evaluating cyber security is of primary importance in IT systems. The fundamental need to assess the validity and effectiveness of security choices is growing. One of the main accepted approaches to this problem is a standardized offline security assurance evaluation. But this method is static, time consuming and does not scale well to complex and dynamic Telco systems. As such, it does not apply to a continuous security assurance assessment for today's complex operational systems. In this paper, we present a methodology together with the required tools for the operational security assurance assessment of Telco services. Our methodology enables (i) the definition and instantiation of a security Assurance Profile, and (ii) the use of a flexible measurement framework and a security cockpit for operational assurance metrics evaluation. The Assurance Profile provides a framework to the security expert community in order to collect descriptions and architectures of typical security mechanisms, and establish best practices on operational security assurance requirements and measurements for these architectures. The distributed dedicated measurement framework and the security assurance cockpit, as integral parts of the operational assurance assessment process, provide specifically adapted tools to evaluate operational security assurance on targeted systems.
CSS | 2013
Layal Samarji; Frédéric Cuppens; Nora Cuppens-Boulahia; Wael Kanoun; Samuel Dubus
Recent attacks are better coordinated, difficult to discover, and inflict severe damage on networks. However, existing response systems handle the case of a single ongoing attack. This limitation is due to the lack of an appropriate model that describes coordinated attacks. In this paper, we address this limitation by presenting a new formal description of individual, coordinated, and concurrent attacks. Afterwards, we combine Graph Theory and our attack description in order to model attack graphs that cover the three attack types. Finally, we show how to automatically generate these attack graphs using a logical approach based on Situation Calculus.
Bell Labs Technical Journal | 2012
Wael Kanoun; Samuel Dubus; Serge Papillon; Nora Cuppens-Boulahia; Frédéric Cuppens
The proliferation of sophisticated cyberattacks, coupled with the steady growth of information and communication technology (ICT) systems in size and complexity, provides motivation for continuous improvements in security management. For day-to-day operation, security officers and administrators need an effective response (or decision aid) system to handle ongoing cyberattacks. Effective countermeasures must minimize the risks induced by these attacks, noting that the risk is evaluated as a function of the success likelihood and the impact of an attack. In this paper, we demonstrate how to dynamically calculate the success likelihood (SL) for an ongoing attack by considering the progress of an attacker towards his objective. Afterwards, we present a response/decision aid system based on the SL metric. Finally, we present the Success Likelihood Assessment Module (SLAM), which implements and highlights the relevance of our work for real time security management. This paper focuses on the operational aspects of a security by design approach.
high-assurance systems engineering | 2008
Albin Zuccato; Samuel Dubus; Evren Bulut
We describe in this paper a six-step methodology that can help to gain security assurance of communication services in a continuous way. The preparatory steps model the service and select relevant metrics to measure the basic assurance on infrastructure objects. During the operational steps, measures are gathered, aggregated along the model, evaluated and displayed in real-time. A five-level assurance taxonomy is proposed, providing evaluation criteria facilitating the metric design and the interpretation of the aggregated assurance.
information assurance and security | 2010
Wael Kanoun; Nora Cuppens-Boulahia; Frédéric Cuppens; Samuel Dubus; Antony Martin
Intrusion response models and systems have recently been an active field in security research. These systems rely on a fine diagnosis to perform and optimize their response. In particular, previous papers focus on balancing the cost of the response with the impact of the attack. In this paper, we present a novel attack response system, based on the assessment of the likelihood of success of attack objectives. First, the ongoing potential attacks are identified, and their success likelihood is calculated dynamically. The success likelihood depends mainly on the progress of the attack and the state of the monitored system. Second, candidate countermeasures are identified, and their effectiveness in reducing the pre-calculated success likelihood is assessed. Finally, the candidate countermeasures are prioritized.
IFIP Annual Conference on Data and Applications Security and Privacy | 2018
Edwin Bourget; Frédéric Cuppens; Nora Cuppens-Boulahia; Samuel Dubus; Simon N. Foley; Youssef Laarouchi
Diagnosing accidental and malicious events in an industrial control system requires an event model with specific capacities. Most models are dedicated to either safety or security but rarely both. And the latter are developed for objectives other than diagnosis and therefore unfit for this task. In this paper, we propose an event model considering both safety and security events, usable in real-time, with a probabilistic measure of on-going and future events. This model is able to replace alerts in the context of more global scenarios, including with reinforcements or conflicts between safety and security. The model is then used to provide an analysis of some of the security and safety events in the Taum Sauk Hydroelectric Power Station.
DPM/SETOP | 2012
Wael Kanoun; Layal Samarji; Nora Cuppens-Boulahia; Samuel Dubus; Frédéric Cuppens
Response systems play a growing role in modern security architectures. In order to select the most effective countermeasure, they adopt a dynamic and situation-aware approach. However, today’s response systems are limited to the selection procedure. In other words, the follow-up and the deactivation phases are still performed manually. Consequently, existing response taxonomies failed to provide an appropriate set of requirements that covers the deactivation feature. In this paper, we tackle this issue by proposing a formal temporal taxonomy for response measures. Furthermore, we present an application of our work in the context of simultaneous attacks. This work provides a first step towards the deactivation and the transactional management of response measures.
signal image technology and internet based systems | 2015
Wael Kanoun; Serge Papillon; Samuel Dubus
Risk management is widely used in order to evaluate and treat prominent risks for organizations. Such models are rather organizational (business-aware) than technical, and enable security officers to manage risks in the long run. However, both ICT systems and the threat landscape do not cease to evolve, and dynamic cyber security management becomes paramount to address potential breaches. The operational security management is based on technical processes, executed by administrators who are not necessarily aware of organizations' business and strategic aspects. This gap between technical and organizational levels renders traditional risk assessment methods cumbersome and obsolete. In this paper, we propose a novel concept of Elementary Risk (ER) that represents a quantum of risk for an organization. Composite Risks (CRs) are then calculated and presented for the security officer. CR enables dynamic calculation of organizational risk posture while considering the system's state. Moreover, ER and CR enable capturing the contribution of technical elements (e.g. vulnerability, server) or security measures (e.g. patch, firewall rule) to the overall risk profile of the organization.
international conference on security and privacy in communication systems | 2014
Léa El Samarji; Nora Cuppens-Boulahia; Frédéric Cuppens; Serge Papillon; Wael Kanoun; Samuel Dubus
To avoid improper responses against attacks, current systems rely on the Attack Likelihood metric. Referring to NIST, Attack Likelihood considers: the attack’s complexity, the attackers’ motivation, and potential responses. Previous work on Likelihood assessment is limited to individual attacks, thereby missing coordination and concurrency aspects between attackers. Moreover, it does not fulfill all NIST factors. Hence, we propose in this paper a new framework to properly assess the Likelihood of Individual, Coordinated, and Concurrent Attack Scenarios (LICCAS). We first rely on a coordination-aware Game Theoretic approach to derive an Attack Likelihood equation. Then, we propose an algorithm to assess the Scenario Likelihood of each attack scenario, considering the concurrency between attackers. We finally experiment with LICCAS on a VoIP use case to demonstrate its relevance.