Optimal Security Management Using Attack Trees
Researchers have previously looked into the problem of determining
whether a given set of security hardening measures can effectively
make a networked system secure. Many of them also addressed the
problem of minimizing the total cost of implementing these hardening
measures given costs for individual measures. However, system
administrators are often faced with a more challenging problem since
they have to work within a fixed budget which may be less than the
minimum cost of system hardening. Their problem is how to select a
subset of security hardening measures so as to be within the budget
and yet minimize the residual damage to the system caused by not
plugging all required security holes. We have developed a tool that
helps system administrators perform such optimal security management in
large enterprise systems. The tool uses a backend vulnerability scanner
to perform a vulnerability assessment of the system. It then builds an
attack tree of the system to present a consolidated picture of the
contributions of the vulnerabilities towards any possible damage to
the organization's assets. The tool allows the administrator to
estimate various costs associated with a potential attack to the
system, for example, the least effort (from an attacker's perspective)
to compromise the system, the dollar value of the damage that can
result from an actual attack on the system and the security control
cost that will be incurred to implement a set of security hardening
measures. Finally, the tool uses genetic algorithms to provide optimal
solutions to the security administrator's dilemma identified above. All
this information is displayed to the system administrator through a GUI.
Indrajit Ray, Colorado State University
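The budget-constrained selection problem described in the abstract, worked through on a small constructed instance (this is an added illustration, not the tool's code or the authors' model). It assumes a conventional AND/OR attack tree in which each leaf vulnerability is closed by exactly one hardening measure with a fixed cost, each attack goal carries a dollar damage value, and residual damage is the summed damage of goals the attacker can still reach. The vulnerability names `v1`..`v5`, the goals, the costs and the budget are all made up; the genetic algorithm (bit vector per measure, tournament selection, one-point crossover, mutation, repair of over-budget individuals) is a generic GA, and an exhaustive search is included so the two can be compared.

```python
import itertools
import random

# Constructed example data (an assumption for illustration, not from the paper).
# Each leaf vulnerability is closed by exactly one hardening measure with this cost.
HARDENING_COST = {"v1": 40, "v2": 25, "v3": 30, "v4": 50, "v5": 20}

# Attack goals: (damage in dollars if the goal is reached, attack subtree).
# A subtree is a leaf name or ("AND" | "OR", [subtrees]).
GOALS = {
    "steal_db":   (1000, ("AND", ["v1", ("OR", ["v2", "v3"])])),
    "deface_web": (200,  ("OR",  ["v2", "v4"])),
    "dos":        (150,  ("AND", ["v4", "v5"])),
}
BUDGET = 75  # below the 105 needed to close every goal, so some damage must remain


def reachable(subtree, hardened):
    """True if the attacker can still reach this subtree after `hardened` measures are applied."""
    if isinstance(subtree, str):
        return subtree not in hardened          # leaf: open unless its measure is applied
    op, children = subtree
    results = [reachable(c, hardened) for c in children]
    return all(results) if op == "AND" else any(results)


def residual_damage(hardened):
    """Dollar damage from goals that remain reachable after hardening."""
    return sum(dmg for dmg, tree in GOALS.values() if reachable(tree, hardened))


def total_cost(hardened):
    return sum(HARDENING_COST[m] for m in hardened)


def brute_force(budget=BUDGET):
    """Exact optimum for small instances: minimise residual damage, then cost."""
    measures = sorted(HARDENING_COST)
    best = None
    for r in range(len(measures) + 1):
        for combo in itertools.combinations(measures, r):
            hs = frozenset(combo)
            if total_cost(hs) > budget:
                continue
            key = (residual_damage(hs), total_cost(hs))
            if best is None or key < best[0]:
                best = (key, hs)
    return best[1]


def genetic_search(budget=BUDGET, pop_size=30, generations=60, seed=1):
    """GA over bit vectors (one bit per measure). Over-budget individuals are
    repaired by dropping randomly chosen measures until they fit the budget."""
    rng = random.Random(seed)
    measures = sorted(HARDENING_COST)
    n = len(measures)

    def to_set(bits):
        return frozenset(m for m, b in zip(measures, bits) if b)

    def repair(bits):
        bits = list(bits)
        while total_cost(to_set(bits)) > budget:
            bits[rng.choice([i for i, b in enumerate(bits) if b])] = 0
        return bits

    def fitness(bits):                        # lower is better
        hs = to_set(bits)
        return (residual_damage(hs), total_cost(hs))

    pop = [repair([rng.randint(0, 1) for _ in range(n)]) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness)
        elite = pop[:2]                       # elitism: the two best survive unchanged
        children = []
        while len(children) < pop_size - len(elite):
            a, b = (min(rng.sample(pop, 3), key=fitness) for _ in range(2))  # tournament
            cut = rng.randint(1, n - 1)
            child = a[:cut] + b[cut:]         # one-point crossover
            child = [bit ^ int(rng.random() < 1.0 / n) for bit in child]  # bit-flip mutation
            children.append(repair(child))
        pop = elite + children
    return to_set(min(pop, key=fitness))


if __name__ == "__main__":
    for label, hs in (("exact", brute_force()), ("GA", genetic_search())):
        print(f"{label:5}: {sorted(hs)} cost={total_cost(hs)} residual={residual_damage(hs)}")
```

On this instance closing everything costs at least 105, so at a budget of 75 the best an administrator can do is accept the 200-dollar defacement goal; hardening `v1` and `v5` achieves that for 60. The brute-force search only works because there are 2^5 subsets; the GA is what scales to the enterprise-sized trees the abstract has in mind, and the repair step is the usual way of keeping a GA inside a hard budget constraint without a penalty term.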