Abstract
Network security depends on a number of factors, and a common characteristic of these factors is that they are dynamic in nature. Such factors include new vulnerabilities and threats, the network policy structure, and traffic. These factors can be divided into two broad categories: network risk and service risk. As the name implies, the former corresponds to risk associated with the network policy, whereas the latter depends on the services and software running on the system. Therefore, evaluating security from both the service and the policy perspective can allow the management system to make decisions regarding how a system should be changed to enhance security as per the management objective. Such decision making includes choosing between alternative security architectures, designing security countermeasures, and systematically modifying security configurations to improve security. As there may be real-time changes to the network threat, this evaluation must be done dynamically to handle such changes. In this paper, we provide a security metric framework that objectively quantifies the most significant security risk factors, which include existing vulnerabilities, the historical trend of vulnerabilities of the remotely accessible services, prediction of potential vulnerabilities for these services and their estimated severity, unused address space, and finally propagation of an attack within the network. These factors cover both the service aspect and the network aspect of risk toward a system. We have implemented this framework as a user-friendly tool called Risk based prOactive seCurity cOnfiguration maNAger (ROCONA) and showed how this tool simplifies security configuration management of services and policies in a system using risk measurement and mitigation. We also combine all the components into one single metric and present validation experiments using real-life vulnerability data from the National Vulnerability Database (NVD), and show a comparison with two existing risk measurement tools.
| Original language | English |
|---|---|
| Pages (from-to) | 343-366 |
| Number of pages | 24 |
| Journal | Journal of Network and Systems Management |
| Volume | 19 |
| Issue number | 3 |
| DOIs | |
| State | Published - Sep 2011 |
| Externally published | Yes |
Bibliographical note
Funding Information: Mohamed Taibah is a PhD student at DePaul University. He received his BSc and MS degrees in Electrical Engineering from King Fahd University of Petroleum and Minerals, Saudi Arabia, and Northwestern University, Chicago, USA, in 1996 and 1999 respectively. His area of research is worm control, botnet detection and risk measurement. He is currently working with Cisco. Latifur Khan is currently an Associate Professor in the Computer Science department at the University of Texas at Dallas (UTD), where he has taught and conducted research since September 2000. He received his Ph.D. and M.S. degrees in Computer Science from the University of Southern California in August 2000 and December 1996 respectively. His research work is supported by grants from NASA, the Air Force Office of Scientific Research (AFOSR), the National Science Foundation (NSF), IARPA, the Nokia Research Center, Raytheon, Alcatel, and the SUN Academic Equipment Grant program. In addition, Dr. Khan is the director of the state-of-the-art DBL@UTD, the UTD Data Mining/Database Laboratory, which is the primary center of research related to data mining and image/video annotation at the University of Texas at Dallas. Dr. Khan's research areas cover data mining, multimedia information management, semantic web and database systems, with the primary focus on the first three research disciplines. He has served as a committee member in numerous prestigious conferences, symposiums and workshops, including the ACM SIGKDD Conference on Knowledge Discovery and Data Mining. Dr. Khan has published over 130 papers in journals and conferences.
Keywords
- Attack immunity
- Attack propagation
- Quality of protection
- Risk prediction
- Security evaluation
- Vulnerability measure
ASJC Scopus subject areas
- Information Systems
- Hardware and Architecture
- Computer Networks and Communications
- Strategy and Management