12 research outputs found

    MATHEMATICAL METHODS IN CYBERSECURITY: GRAPHS AND THEIR APPLICATION IN INFORMATION AND CYBER SECURITY

    This article is devoted to the problem of applying graph theory in cybersecurity systems and is an overview. Widespread penetration of mathematical methods in the development of information technology characterizes the current stage of our society. Among the mathematical methods used in information and cyber security, graph technologies occupy a large niche. A streamlined system of special terms and symbols of graph theory makes it possible to describe complex and subtle things simply and accessibly, both geometrically and algebraically. A graph is a mathematical model of a wide variety of objects, phenomena, and the relationships between them. This justifies the choice and relevance of this study. The article outlines the main elements of graph theory, the wide scope of their implementation and provides a historical perspective on the development of this theory. The analysis of scientific works made it possible to determine the main directions of application of properties, characteristics of graphs and graph algorithms in information and cyber security. Among them are studies related to the use of graphs in information systems and programming; with modeling, analysis and application of attack graphs; with cryptographic transformations; with the construction of a decision tree in decision-making tasks in conditions of risk and uncertainty. It is proved that the ability to operate with the methods of graph technologies contributes to the development of software and hardware for information protection. The considered approaches to the application of graph theory in information and cyber security can be implemented during the study of the discipline "Special methods in security systems: discrete mathematics" for students majoring in 125 Cybersecurity, as well as in training specialists in the course of research work, coursework or thesis work.
By increasing the professional orientation of training, future cybersecurity workers gain a thorough knowledge of fundamental disciplines.

    IAVS: Intelligent Active Network Vulnerability Scanner

    Network security needs to be assured through runtime active evaluation and assessment. However, active vulnerability scanners suffer from serious deficiencies such as heavy scan traffic during the reconnaissance phase, uncertainty in the environment, and heavy reliance on experts. Generating a blind heavy load of attack packets not only causes usage of network resources, but it also increases the probability of detection by target defense systems and causes failure in finding vulnerabilities. Furthermore, environmental uncertainty increases pointless attempts of vulnerability scanners, which wastes time. Utilizing a decision-making method devised for uncertainty conditions, we present Intelligent Active Network Vulnerability Scanner (IAVS). IAVS is implemented as an extension on Hail Mary, the automatic execution mechanism in the Metasploit toolkit. IAVS learns from previous vulnerability exploitation attempts to select exploit codes purposefully. IAVS not only reduces the role of experts in the process of vulnerability testing, but it also decreases the volume of scanning requests during the reconnaissance phase by integrating the reconnaissance and exploitation phases. Our experimental results indicate a successful decrease in failed attempts. It is also demonstrated that improvements in the results of IAVS correspond directly to the rate of similarity among different vulnerabilities in systems of the target network; that is, the higher the similarity, the better the results of IAVS. Our experiments compared the results of IAVS and those of Hail Mary without the IAVS extension; these results show that IAVS improved Hail Mary's successful attempts by around 37%.

    MAPE-K/MAPE-SAC: An interaction framework for adaptive systems with security assurance cases

    Security certification establishes that a given system satisfies properties and constraints as specified in the system security profile. Mechanisms and techniques have been developed to assess if and how well the system complies with the properties, thereby providing a degree of confidence in the security certification. Generally, certification of security controls defined by NIST SP800-53 is performed at design time to provide confidence in a system’s trustworthiness to achieve the organization’s mission and business requirements. Assuring confidence in a self-adaptive system’s security profile is challenging when both functional and security conditions may change at run time. Static security solutions are insufficient, given that dynamic application of defense mechanisms often needs to dynamically adapt security functionality at run time as part of self-protection. This security adaptation may hinder maintaining functional constraints or vice versa. In addition, adaptation capabilities may give rise to the need for dynamic certification, which can be a difficult procedure given the complexity of the security dependencies. Confidence in an information system’s compliance with security constraints can be expressed using security assurance cases (SACs). NIST security controls are defined with a hierarchical structure that makes them amenable to being specified in terms of SACs. A collection of SACs for related security controls form a network that can be used to measure the confidence of security compliance through certification-based evidence. Once the system is deployed, environmental and functional uncertainties may require the coordination of functional and security adaptations. This paper introduces the MAPE-SAC, a security-focused feedback control loop, and its interaction with a MAPE-K, function and performance-focused control loop, to dynamically manage run-time adaptations in response to changes in functional and security conditions. 
We illustrate the use of both control loops and their interaction with an example of two independent systems that need to cooperate to facilitate autonomous search and rescue in the aftermath of a natural disaster.

    Analysis of Bulk Power System Resilience Using Vulnerability Graph

    Critical infrastructure such as a Bulk Power System (BPS) should have some quantifiable measure of resiliency and definite rule-sets to achieve a certain resilience value. Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) networks are integral parts of BPS. BPS or ICS are themselves not vulnerable because of their proprietary technology, but when the control network and the corporate network need to have communications for performance measurements and reporting, the ICS or BPS become vulnerable to cyber-attacks. Thus, a systematic way of quantifying resiliency and identifying crucial nodes in the network is critical for addressing the cyber resiliency measurement process. This can help security analysts and power system operators in the decision-making process. This thesis focuses on the resilience analysis of BPS and proposes a ranking algorithm to identify critical nodes in the network. Although there are some ranking algorithms already in place, they lack comprehensive inclusion of the factors that are critical in the cyber domain. This thesis has analyzed a range of factors which are critical from the point of view of cyber-attacks and come up with a MADM (Multi-Attribute Decision Making) based ranking method. The node ranking process will not only help improve the resilience but also facilitate hardening the network from vulnerabilities and threats. The proposed method is called MVNRank which stands for Multiple Vulnerability Node Rank. MVNRank algorithm takes into account the asset value of the hosts, the exploitability and impact scores of vulnerabilities as quantified by CVSS (Common Vulnerability Scoring System). It also considers the total number of vulnerabilities and severity level of each vulnerability, degree centrality of the nodes in vulnerability graph and the attacker’s distance from the target node.
We are using a multi-layered directed acyclic graph (DAG) model and ranking the critical nodes in the corporate and control network which fall in the paths to the target ICS. We don't rank the ICS nodes but use them to calculate the potential power loss capability of the control center nodes using the assumed ICS connectivity to BPS. Unlike most of the works, we have considered multiple vulnerabilities for each node in the network while generating the rank by using a weighted average method. The resilience computation is highly time consuming as it considers all the possible attack paths from the source to the target node which increases in a multiplicative manner based on the number of nodes and vulnerabilities. Thus, one of the goals of this thesis is to reduce the simulation time to compute resilience which is achieved as illustrated in the simulation results.

    Realtime Intrusion Risk Assessment Model based on Attack and Service Dependency Graphs

    Network services are becoming larger and increasingly complex to manage. It is extremely critical to maintain the users' QoS, the response time of applications, and critical services in high demand. On the other hand, we see impressive changes in the ways in which attackers gain access to systems and infect services. When an attack is detected, an Intrusion Response System (IRS) is responsible to accurately assess the value of the loss incurred by a compromised resource and apply the proper responses to mitigate attack. Without having a proper risk assessment, our automated IRS will reduce network performance, wrongly disconnect users from the network, or result in high costs for administrators reestablishing services, and become a DoS attack for our network, which will eventually have to be disabled. In this paper, we address these challenges and we propose a new model to combine the Attack Graph and Service Dependency Graph approaches to calculate the impact of an attack more accurately compared to other existing solutions. To show the effectiveness of our model, a sophisticated multi-step attack was designed to compromise a web server, as well as to acquire root privilege. Our results illustrate the efficiency of the proposed model and confirm the feasibility of the approach in real-time.

    DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

    This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However, there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements.

    A Stochastic Game Theoretical Model for Cyber Security

    The resiliency of systems integrated through cyber networks is of utmost importance due to the reliance on these systems for critical services such as industrial control systems, nuclear production, and military weapons systems. Current research in cyber resiliency remains largely limited to methodologies utilizing a singular technique that is predominantly theoretical with limited examples given. This research uses notional data in presenting a novel approach to cyber system analysis and network resource allocation by leveraging multiple techniques including game theory, stochastic processes, and mathematical programming. An operational network security problem consisting of 20 tactical normal form games provides an assessment of the resiliency of a cyber defender's network by leveraging the solutions of each tactical game to inform transitional probabilities of a discrete-time Markov chain over an attacker-defender state space. Furthermore, the Markov chain provides an assessment of the conditional path through the operational problem with an expected cost of damage to the defender network. The solutions of the tactical games and, in turn the operational problem, are utilized to determine the effects and risks of projected network improvement resource allocation decisions via an integer program. These results can be used to inform network analysts of the resiliency of their network while providing recommendations and requirements for improving their network resiliency posture against potential malicious external actors.

    Evaluation and Improvement of Internet Voting Schemes Based on Legally-Founded Security Requirements

    In recent years, several nations and private associations have introduced Internet voting as additional means to conduct elections. To date, a variety of voting schemes to conduct Internet-based elections have been constructed, both from the scientific community and industry. Because of its fundamental importance to democratic societies, Internet voting – as any other voting method – is bound to high legal standards, particularly imposing security requirements on the voting method. However, these legal standards, and resultant derived security requirements, partially oppose each other. As a consequence, Internet voting schemes cannot enforce these legally-founded security requirements to their full extent, but rather build upon specific assumptions. The criticality of these assumptions depends on the target election setting, particularly the adversary expected within that setting. Given the lack of an election-specific evaluation framework for these assumptions, or more generally Internet voting schemes, the adequacy of Internet voting schemes for specific elections cannot readily be determined. Hence, selecting the Internet voting scheme that satisfies legally-founded security requirements within a specific election setting in the most appropriate manner, is a challenging task. To support election officials in the selection process, the first goal of this dissertation is the construction of an evaluation framework for Internet voting schemes based on legally-founded security requirements. Therefore, on the foundation of previous interdisciplinary research, legally-founded security requirements for Internet voting schemes are derived. To provide election officials with improved decision alternatives, the second goal of this dissertation is the improvement of two established Internet voting schemes with regard to legally-founded security requirements, namely the Polyas Internet voting scheme and the Estonian Internet voting scheme.
Our research results in five (partially opposing) security requirements for Internet voting schemes. On the basis of these security requirements, we construct a capability-based risk assessment approach for the security evaluation of Internet voting schemes in specific election settings. The evaluation of the Polyas scheme reveals the fact that compromised voting devices can alter votes undetectably. Considering surrounding circumstances, we eliminate this shortcoming by incorporating out of band codes to acknowledge voters’ votes. It turns out that in the Estonian scheme, four out of five security requirements rely on the correct behaviour of voting devices. We improve the Estonian scheme in that regard by incorporating out of band voting and acknowledgment codes. Thereby, we maintain four out of five security requirements against adversaries capable of compromising voting devices.