CyVar: Extending Var-At-Risk to ICT

Baiardi, Fabrizio; Tonelli, Federico; Bertolini, A.

doi:10.1007/978-3-319-26416-5_4

Cited by 2 publications

(1 citation statement)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A goal is the set of rights that ag get after reaching the target node n f , and it results in an impact, i.e. a loss for the owner of S [3]. An agent ag can attempt an elementary attack at.…”

Section: Modeling Agentsmentioning

confidence: 99%

Sequential Pattern Mining for ICT Risk Assessment and Prevention

D'Andreagiovanni

Baiardi

Lipilini

et al. 2018

Software Engineering and Formal Methods

Self Cite

View full text Add to dashboard Cite

Security risk assessment and prevention in ICT systems rely on the analysis of data on the joint behavior of the system and its (malicious) users. The Haruspex tool models intelligent, goal-oriented agents that reach their goals through attack sequences. Data is synthetically generated through a Monte Carlo method that runs multiple simulations of the attacks against the system. In this paper, we present a sequential pattern mining analysis of the database of attack sequences. The intended objective is twofold: (1) to exploit the extracted patterns for the design of attack counter-measures, and (2) for gaining a better understanding of the "degree of freedom" available for the attackers of a system. We formally motivate the need for using maximal sequential patterns, instead of frequent or closed sequential patterns, and report on the results on a specific case study.

show abstract

Section: Modeling Agentsmentioning

confidence: 99%

Sequential Pattern Mining for ICT Risk Assessment and Prevention

D'Andreagiovanni

Baiardi

Lipilini

et al. 2018

Software Engineering and Formal Methods

Self Cite

View full text Add to dashboard Cite

show abstract

Twin Based Continuous Patching To Minimize Cyber Risk

Baiardi

Tonelli²

2021

Eur J Secur Res

Self Cite

View full text Add to dashboard Cite

Digital twins are virtual replicas to simulate the behavior of physical devices before they are built and to support their maintenance. We extend this technology to cybersecurity and integrate it with adversary emulation to define a remediation policy that selects and schedules patches for the vulnerabilities of an information and communication infrastructure before threat actors can exploit them. Distinct twins model, respectively, the infrastructure and threat actors. The former twin describes the infrastructure modules, their vulnerabilities, and the elementary attacks actors can implement. The attributes of the twin of a threat actor describe its attack surface, its goals, how it selects attacks, and it handles attack failures. The Haruspex software platform builds the twins of the infrastructure and those of the threat actors, and it automates the emulation of an actor. In this way, it can discover the attack paths the actor implements without disturbing the infrastructure. In each path, the actor composes elementary attacks to reach its goal. Multiple emulations can discover all the paths of an actor by covering stochastic factors such as attack success or failure. The knowledge of these paths enables the remediation policy to minimize the patches to deploy. Since new vulnerabilities continuously become public, new countermeasures are needed. A twin-based approach supports a continuous remediation process to handle changes in the infrastructure, new vulnerabilities, and new threat actors because the platform can update the twins and run adversary emulations. If new attack paths exist, the platform applies the remediation policy. Experimental data confirm the effectiveness of this approach.

show abstract

CyVar: Extending Var-At-Risk to ICT

Cited by 2 publications

References 19 publications

Sequential Pattern Mining for ICT Risk Assessment and Prevention

Sequential Pattern Mining for ICT Risk Assessment and Prevention

Twin Based Continuous Patching To Minimize Cyber Risk

Contact Info

Product

Resources

About