Modeling Damage Spread, Assessment, and Recovery of Critical Systems

Critical infrastructure systems have recently become more vulnerable to attacks on their data systems through internet connectivity. If an attacker is successful in breaching a system’s defenses, it is imperative that operations are restored to the system as quickly as possible. This thesis focuses on damage assessment and recovery following an attack. A literature review is first conducted on work done in both database protection and critical infrastructure protection, then the thesis defines how damage affects the relationships between data and software. Then, the thesis proposes a model using a graph construction to show the cascading affects within a system after an attack. This thesis also presents an algorithm that uses the graph to compute an optimal recovery plan that prioritizes the most important damaged components first so that the vital modules of the system become functional as soon as possible. This allows for the most critical operations of a system to resume while recovery for less important components is still being performed. The thesis shows results from simulations using the recovery algorithm on data graphs with various parameters. After that, a second model is proposed that accounts for the time elapsed after an attack to perform a more precise damage assessment. By doing this, it can be determined how far damage can spread, then unaffected parts of the system can be released for possible use. Simulations are also done on this model to show the changes in damage assessment when different parameters are altered

Optimized Damage Assessment and Recovery through Data Categorization in Critical Infrastructure system.

Critical infrastructures (CI) play a vital role in majority of the fields and sectors worldwide. It contributes a lot towards the economy of nations and towards the wellbeing of the society. They are highly coupled, interconnected and their interdependencies make them more complex systems. Thus, when a damage occurs in a CI system, its complex interdependencies make it get subjected to cascading effects which propagates faster from one infrastructure to another resulting in wide service degradations which in turn causes economic and societal effects. The propagation of cascading effects of disruptive events could be handled efficiently if the assessment and recovery are carried out as quickly as possible. To be an efficient system, it should reduce the impact by reducing the number of nodes undergoing service degradation. In general, the damage assessments include accessing and assessing log information which is very costly in terms of time spent and IO reads. A generic model thus should be very optimal in suggesting smaller number of assessments as possible and at the same time reduce the number of nodes undergoing unnecessary service degradations. This thesis investigates the CI systems in depth to optimize the damage assessment and recovery process so that it could help in resuming the operations of as many safe data items as quickly as possible. It also focuses on reducing the load imposed in terms of number of nodes towards damage assessment and recovery procedures through the proposed optimization model. The quick identification and categorization of the type of data items as damaged, undamaged, or skeptical within the impacted CI system is the key factor which makes this model highly efficient and helps this model to project better performance. The developed model and its algorithm have been implemented on a simulated data and environment whose results shows that the proposed model performs well in terms of time, speed, accuracy, complexity, efficiency, and performance