Optimal Security Hardening over a Probabilistic Attack Graph: A Case Study of an Industrial Control System using CySecTool
dc.contributor.author | Buczkowski, P | en_US |
dc.contributor.author | Malacaria, P | en_US |
dc.contributor.author | Hankin, C | en_US |
dc.contributor.author | Fielder, A | en_US |
dc.date.accessioned | 2023-02-17T10:19:25Z | |
dc.date.issued | 2022-04-28 | en_US |
dc.identifier.uri | https://qmro.qmul.ac.uk/xmlui/handle/123456789/84505 | |
dc.description.abstract | CySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph. A portfolio is a set of counter-measures, or controls, against vulnerabilities adopted for a computer system, while an attack graph is a type of a threat scenario model. In an attack graph, nodes are privilege states of the attacker, edges are vulnerabilities escalating privileges, and controls reduce the probabilities of some vulnerabilities being exploited. The tool builds on an optimisation algorithm published by Khouzani et al., enabling a user to quickly create, edit, and incrementally improve models, analyse results for given portfolios and display the best solutions for all possible budgets in the form of a Pareto frontier. A case study was performed utilising a system graph and suspected attack paths prepared by industrial security engineers based on an industrial source with which they work. The goal of the case study is to model a supervisory control and data acquisition (SCADA) industrial system which, due to having a potential to harm people, necessitates strong protection while not allowing to use of typical penetration tools like vulnerability scanners. Results are analysed to show how a cyber-security analyst would use CySecTool to store cyber-security intelligence and draw further conclusions. | en_US |
dc.format.extent | 21 - 30 (10) | en_US |
dc.publisher | Association for Computing Machinery | en_US |
dc.rights | This item is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. | |
dc.rights | Attribution 3.0 United States | * |
dc.rights.uri | http://creativecommons.org/licenses/by/3.0/us/ | * |
dc.subject | industrial control system | en_US |
dc.subject | multi-objective optimisation | en_US |
dc.subject | cybersecurity risk assessment tool | en_US |
dc.subject | threat modelling | en_US |
dc.subject | probabilistic attack graph | en_US |
dc.title | Optimal Security Hardening over a Probabilistic Attack Graph: A Case Study of an Industrial Control System using CySecTool | en_US |
dc.type | Conference Proceeding | |
dc.rights.holder | © 2022 Owner/Author | |
dc.identifier.doi | 10.1145/3510547.3517919 | en_US |
pubs.notes | Not known | en_US |
pubs.publication-status | Published | en_US |
pubs.publisher-url | https://dl.acm.org/doi/10.1145/3510547.3517919 | en_US |
rioxxterms.funder | Default funder | en_US |
rioxxterms.identifier.project | Default project | en_US |
Files in this item
Files | Size | Format | View |
---|---|---|---|
There are no files associated with this item. |
This item appears in the following Collection(s)
Except where otherwise noted, this item's license is described as This item is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.