WO2007027131A2 - Method for dependence based risk evaluation in computer systems - Google Patents


Publication number
WO2007027131A2
Authority
WO
WIPO (PCT)
Prior art keywords
countermeasure
vulnerability
resource
threat
risk
Application number
PCT/SE2006/000946
Inventor
Viktor Endersz
Original Assignee
Teliasonera Ab

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • H04L63/1433: Vulnerability analysis

Description

METHOD FOR DEPENDENCE BASED RISK EVALUATION IN COMPUTER SYSTEMS
TECHNICAL FIELD
The present invention relates to complex computer systems in which a plurality of different resources are, from a communication point of view, connected to, or in other ways dependent on, each other. More exactly, the invention relates to a method for automatic risk and vulnerability evaluation based on dependence in complex networks, and for optimization of the risk level by simulating the effects of potential countermeasures. The invention makes it possible to get a general idea of how changes influence the whole system and to trace separate events.
PRIOR ART
In today's society of intensive communications, where more and more simple and complex tasks are solved by computer-controlled processes and systems, these systems and the different resources in them tend to be more and more linked up with and dependent on each other. Such systems of coupled resources are frequently called ICT-systems (Information and Communications Technology, or Technologies), where ICT is an umbrella designation which includes all sorts of communication devices or applications, comprising radio, TV, mobile telephones, hardware and software for computers and networks, etc. An ICT-system consequently includes a number of different resources which, from a dependence point of view, are coupled/linked to each other. The concept of resources includes all essential parts of an ICT-system, such as system components, information, communication, etc.
TECHNICAL PROBLEM
A problem, the solution of which constitutes the aim of the present invention, is to estimate quickly, preferably in real time, the consequences of security-related events in a complex ICT-system, primarily changes which can increase the vulnerability of the system, leading to a risk of influence with lost information, reduced function and accessibility, and delays as a consequence. The resulting negative effects affect, directly or indirectly, services and applications which are based on functions of the ICT-system. The ability to analyze such consequences quickly is the basis for selecting suitable countermeasures which can be brought into action with the least possible delay. The problem is that attacks and intrusions in services and systems often have consequences for other components in the system, for instance because the threat picture suddenly changes. Attacks and intrusions, or any other unwanted change of the condition/state of the system, may also uncover new vulnerabilities, which increases the probability that the error condition will spread to other services and systems. The relations in a complex, distributed system are difficult to analyze and even more difficult to evaluate quantitatively within a sufficiently short time frame.
PRIOR ART
US 2004/0143753 A1 describes a system and a method for analyzing risks in a computer network. The system determines resource relations/conditions between a plurality of different components in the network and receives a direct event which is associated with a given component, where the event has an event risk level. If this event risk level exceeds a given threshold value, the system spreads the event to the components which are related to the given object. The document, however, does not describe how the network can be adapted to provide countermeasures for limiting a threat picture, which makes the system less flexible and limits its field of application.
SUMMARY OF THE INVENTION
According to the invention, the above-mentioned aim is fulfilled by a method for risk assessment/evaluation in an ICT-system comprising a plurality of resources, including the steps to:
- identify the dependence of said resources on each other;
- define a threat probability for a threat against a first resource;
- define separate value parameters for the first resource and at least a second resource which is dependent on the first resource;
- define separate vulnerability parameters for the threat in the first and in at least the second resource as a consequence of the dependence on the first resource;
- calculate vulnerability values for the first and at least the second resource as the product of value parameter and vulnerability parameter for the respective resource;
- calculate a risk value as the product of the sum of said vulnerability values and the threat probability.
In one embodiment the method includes the steps to:
- simulate a given countermeasure directed against the threat;
- calculate new vulnerability values based on said countermeasure;
- calculate a new risk value based on the new vulnerability values.
In one embodiment the method includes the steps to:
- define a criterion for acceptable risk level;
- repeat the steps according to claim 2 with different countermeasures until said criterion has been fulfilled.
In one embodiment the method includes the step to:
- introduce, in said ICT-system, a countermeasure which results in said criterion being fulfilled.
In one embodiment said criterion is to lower/reduce the risk below a given threshold level.
In one embodiment said criterion is to minimize the cost of a countermeasure which lowers/reduces the risk below a predetermined threshold level.
In one embodiment said criterion is to minimize the sum of the cost of the countermeasure and the remaining risk.
In one embodiment the step to calculate new vulnerability values based on said countermeasure further includes the step to:
- utilize new vulnerability parameters adapted in relation to the countermeasure.
In one embodiment the step to calculate new vulnerability values based on said countermeasure further includes the step to:
- utilize new value parameters adapted in relation to the countermeasure.
In one embodiment the method includes the step to:
- define the threat probability as a value between 0 and 1.
In one embodiment the method includes the step to:
- define each vulnerability parameter as a value between 0 and 1.
BRIEF DESCRIPTION OF THE DRAWING
Embodiments of the present invention are described below with reference to the enclosed drawing, in which Fig. 1 schematically shows a dependence graph with a threat detected against a system component.
DESCRIPTION OF THE INVENTION
The method according to the invention uses information, stored in advance, about the dependence between cooperating system resources, so that the resulting consequences, described for instance as risks, can be determined over the whole system and limited by suitably selected measures. Dependence between system resources is generally described as a graph, as in the example in Fig. 1. Dependence between two resources, for instance C4 and C5 in Fig. 1, means that C4 provides C5 with some kind of support. C4 can be a database, a communication link (radio, Internet, LAN) or any other service which supports C5. A changed function or state/condition of C4 will influence C5, which in its turn will probably result in changes at C7, C8 and C9. A change in C4 is consequently propagated further in the system through the dependence relations/conditions between resources. A threat T against C4 consequently also implies an increased threat against C5 and C7-C9, so these are specially marked with a double frame in the figure. A system according to Fig. 1 can also include resources (components) which influence each other; in such cases they are represented in the dependence graph with a two-way arrow between them.
A threat T is directed against a vulnerability in a system resource, and exposes an asset (value). The following definitions are used:
A risk or a risk value R is a damage cost. The probability that a threat T is realized is H, which preferably has a value between 0 and 1, with an accuracy of one, two or more decimals. The threat T acts through a vulnerability defined by a vulnerability parameter V, which exposes assets in the system. V is also given a value between 0 and 1 with an accuracy of one, two or more decimals, which indicates how large a portion of the asset in a resource C is exposed to the threat. According to the invention, the risk R is then defined as:
R = H*V*C,
where C corresponds to the value of the resource, and V*C constitutes the vulnerability value in that resource. This is the simplest case. A threat, however, can utilize a plurality of weaknesses, and one weakness can expose a plurality of assets. The risk which arises from a threat against a component, for instance C4, is calculated as the product of the probability H of the threat T and the vulnerability value, that is, the vulnerability V times the value C(4) in C4 which is exposed by the vulnerability:
R(4) = H*V(4)*C(4)
Suppose, for instance, that the threat T is an intrusion into a database C4 which occurs at a certain point of time with the probability H = 0,5. The threat in question only influences a fourth of the value C which the database represents; thus V = 0,25. If the value C in the database is X, the risk will be:
R = 0,5*0,25*X = 0,125*X
This threat T also generates a risk at C5, as a consequence of the existing dependence shown in Fig. 1. The vulnerability in this case is a combination of the vulnerability of C4 to the current threat and of the vulnerability which arises from C5's dependence on C4. A new vulnerability V(45) is introduced to describe the effect of the threat, via C4, on C5 through the dependence. The risk for C5 will be:
R(45) = H*V(45)*C(5)
and the total risk R at C4 and C5 is:
R = R(4) + R(45) = H*[V(4)*C(4) + V(45)*C(5)]
The total risk, or risk value, R is consequently calculated as the sum of the separate vulnerability values of the attacked resource and of the resources which depend on the attacked resource, multiplied by the threat probability.
This method for quantitative description of the effect of dependence on the risks for two components can easily be generalized to whole dependence chains and to different threats. For a case like that illustrated in the figure, the vulnerability and the risk for the resources C7-C9, which depend on C5 in the next step, must also be determined to make it possible to calculate the total resulting risk of the threat T. By analysis of possible threats and their propagation, the values for the vulnerabilities are determined and organized in a form that suits the calculation algorithm, for instance in table or matrix form. The method according to the invention includes the following steps:
1) By means of knowledge of the dependence relations/conditions between components, the total risk level R which occurs if one or more components are exposed to a threat is calculated as described above. The result of the calculation is used to estimate/evaluate the total negative influence of a security-related event, for instance a virus, a data intrusion or fraud.
2) After that, the system selects countermeasures with the aim of reducing the risk level. Countermeasures include activation of security mechanisms, changing the configuration of the system (for instance redirection of traffic, restriction of functionality, shutting off part of, or the whole, system) and other suitable interventions. When a countermeasure is selected, a given intervention is determined, which in itself can include a plurality of separate subinterventions, and the effect of executing this intervention is simulated. A new value for the resulting risk is then calculated by means of the existing dependence relations/conditions. The new value of the resulting risk depends on how the vulnerability values V*C are changed. On the one hand, the vulnerability parameters V can be changed, for instance because a given resource is quite simply made more secure, which lowers/reduces the vulnerability value. On the other hand, the value parameters C can also be changed, because the countermeasures can result in an increased or decreased value of the resource. Different criteria can be set for which countermeasure shall be selected, for instance:
- Lower/reduce the remaining risk to below a predetermined threshold level;
- Minimize the cost of a countermeasure which lowers/reduces the remaining risk to below a predetermined threshold level;
- Minimize the total cost, which is the sum of the cost of the countermeasure and the remaining risk.
3) The last step is to select the countermeasure which best meets the demands made. A plurality of iterations, that is, tests of alternative countermeasures, may be needed before the valid criteria have been reached and the countermeasures can be implemented.
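Steps 1) to 3) as an added Python example, not part of the patent text: it generalizes R = H*[V(4)*C(4) + V(45)*C(5)] to the whole chain C4, C5, C7-C9 and applies the three selection criteria. Only the dependencies C4 to C5 to C7-C9 and the values H = 0.5, V(4) = 0.25 come from the description; the asset values, the other vulnerability parameters, the costs and the countermeasure names are constructed.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Model:
    supports: dict   # resource -> resources that depend on it
    value: dict      # C: asset value per resource
    vuln: dict       # V: share of each resource's value exposed by the threat
    h: float         # H: probability that the threat is realized
    attacked: str    # resource the threat T is directed against


@dataclass
class Countermeasure:
    name: str
    cost: float
    new_vuln: dict = field(default_factory=dict)    # V parameters it changes
    new_value: dict = field(default_factory=dict)   # C parameters it changes


def affected(supports, attacked):
    """Attacked resource plus everything depending on it, breadth first."""
    seen, queue = [attacked], deque([attacked])
    while queue:
        for dep in supports.get(queue.popleft(), []):
            if dep not in seen:          # also terminates on two-way arrows
                seen.append(dep)
                queue.append(dep)
    return seen


def total_risk(m):
    """R = H * sum of V(r)*C(r) over the attacked resource and its dependents."""
    if not 0.0 <= m.h <= 1.0:
        raise ValueError("threat probability H must lie in [0, 1]")
    exposed = 0.0
    for r in affected(m.supports, m.attacked):
        if not 0.0 <= m.vuln[r] <= 1.0:
            raise ValueError(f"vulnerability parameter of {r} must lie in [0, 1]")
        exposed += m.vuln[r] * m.value[r]    # vulnerability value V*C
    return m.h * exposed


def simulate(m, cm):
    """Risk that would remain if countermeasure cm were introduced."""
    return total_risk(Model(m.supports, {**m.value, **cm.new_value},
                            {**m.vuln, **cm.new_vuln}, m.h, m.attacked))


def select(m, candidates, criterion, threshold=None):
    """Return (name, remaining risk) of the chosen countermeasure, or None."""
    results = [(cm, simulate(m, cm)) for cm in candidates]
    if criterion == "min_total_cost":
        pool = results
        key = lambda cr: cr[0].cost + cr[1]      # cost plus remaining risk
    else:
        if threshold is None:
            raise ValueError("this criterion needs a threshold")
        pool = [cr for cr in results if cr[1] < threshold]
        if criterion == "below_threshold":
            pool = pool[:1]                      # first candidate that fulfils it
        elif criterion != "min_cost_below_threshold":
            raise ValueError(f"unknown criterion: {criterion}")
        key = lambda cr: cr[0].cost
    if not pool:
        return None
    cm, risk = min(pool, key=key)
    return cm.name, risk


# Constructed sample data (values and costs in the same monetary unit).
MODEL = Model(
    supports={"C4": ["C5"], "C5": ["C7", "C8", "C9"]},
    value={"C4": 1000.0, "C5": 800.0, "C7": 400.0, "C8": 200.0, "C9": 600.0},
    vuln={"C4": 0.25, "C5": 0.5, "C7": 0.25, "C8": 0.25, "C9": 0.5},
    h=0.5, attacked="C4")
CANDIDATES = [   # hypothetical countermeasures, in the order they are tried
    Countermeasure("shut_off_c4", 400.0,
                   new_vuln={r: 0.0 for r in MODEL.value}),
    Countermeasure("restrict_c5", 60.0,
                   new_vuln={"C7": 0.0, "C8": 0.0, "C9": 0.125},
                   new_value={"C5": 600.0}),   # restricted C5 is worth less
    Countermeasure("harden_c4", 120.0,
                   new_vuln={"C4": 0.125, "C5": 0.25, "C7": 0.125,
                             "C8": 0.125, "C9": 0.25}),
]

if __name__ == "__main__":
    print("baseline risk:", total_risk(MODEL))
    for crit in ("below_threshold", "min_cost_below_threshold", "min_total_cost"):
        print(crit, "->", select(MODEL, CANDIDATES, crit, threshold=300.0))
```

With this sample data the three criteria pick three different countermeasures, which is why the criterion has to be fixed before the iteration starts.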
The method makes an automatically optimized response to security-related events possible in real time. The underlying model of the method also makes possible a graphical presentation of dependence and a graphical indication to the system administrator of changes of risk levels and other conditions in the system. The method consequently utilizes dependence graphs for overall/comprehensive dynamic risk evaluation of complex systems as a consequence of security-related events, and combines this with a process for optimized selection of countermeasures in real time. The invention can be used generally for increased protection and reduction of risk/damage in ICT-systems. The advantages of the method increase with increased size and complexity of the ICT-environment.
In one embodiment of the invention, another use of the dependence relations/conditions between system resources is also provided. On the basis of an event which is detected in dependent components, the source can be traced by following the dependence backwards in the graph. Suppose that both C5 and C9 detect negative influence without any indication of a direct attack against these two components. The influence on C5 and C9 can in this case have been caused by an attack against C3, which influences C5 and C9 via dependence. This possibility is useful when a change in more than one component is detected at the same time, and there is reason to believe that the source of the changes is located higher up in the graph. By moving backwards in the dependence graph from the depending components, it is possible to identify the common node as the probable place of the primary event.
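Tracing backwards in the graph as described above, as an added Python example that is not part of the patent text. The edges from C3 are an assumption (Fig. 1 is not reproduced on this page), and ranking the candidates by summed hop distance is a choice made for this sketch, not something the patent specifies.

```python
from collections import deque

# Dependence graph: each key supports the resources listed for it.
# C4 -> C5 and C5 -> C7, C8, C9 follow the description; the edges from C3
# are constructed so that C3 influences C5 and C9 as in the text.
SUPPORTS = {"C3": ["C5", "C9"], "C4": ["C5"], "C5": ["C7", "C8", "C9"]}


def upstream(supports, node):
    """Hop distance to every resource that `node` depends on, walking backwards."""
    parents = {}
    for src, deps in supports.items():
        for dep in deps:
            parents.setdefault(dep, []).append(src)
    dist, queue = {}, deque([(node, 0)])
    while queue:
        cur, d = queue.popleft()
        for p in parents.get(cur, []):
            if p != node and p not in dist:   # safe with two-way arrows
                dist[p] = d + 1
                queue.append((p, d + 1))
    return dist


def probable_sources(supports, detected):
    """Resources upstream of every detecting component, nearest first."""
    if not detected:
        return []
    maps = [upstream(supports, n) for n in detected]
    common = set(maps[0]).intersection(*maps[1:])
    common -= set(detected)   # these show no indication of a direct attack
    return sorted(common, key=lambda r: (sum(m[r] for m in maps), r))


if __name__ == "__main__":
    # C5 and C9 report negative influence at the same time.
    print(probable_sources(SUPPORTS, ["C5", "C9"]))
```

The result is a ranked candidate list rather than a verdict: every resource that C5 depends on is also upstream of C9, so C4 stays on the list behind C3 and has to be ruled out by inspection.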
It should be understood that above described embodiments only constitute examples and that a lot of variations and modifications can be made without deviating from the scope of protection of the invention, which is defined in the enclosed patent claims.

Claims

PATENT CLAIMS
1. Method for automatic generation of response to security related real time events in an ICT-system comprising a plurality of resources (C1-C9), characterized in:
a definition phase including the steps to:
- identify said resources' dependence of each other;
- define a threat probability of/for a threat (T) against a first resource (C4);
- define separate value parameters for the first resource (C4) and at least a second resource (C5) which is depending on the first resource;
- define separate vulnerability parameters for the threat in the first and in at least the second resource as a consequence of the dependence on the first resource;
- calculate vulnerability values for the first and at least the second resource, as the product of value parameter and vulnerability parameter for/of respective resource;
- calculate a risk value as the product between the sum of said vulnerability values and the threat probability,
an analysis phase including the steps to:
- define a criterion for acceptable risk level;
- iterate the following steps with different countermeasures until said criterion has been fulfilled:
- simulate a given countermeasure directed against the threat;
- calculate new vulnerability values based on said countermeasure;
- calculate a new risk value based on the new vulnerability values.
an execution phase, including the step to:
- introduce a real countermeasure corresponding to a simulated countermeasure which results in that said criterion is fulfilled, when a security-related event corresponding to said threat (T) has occurred in said ICT-system.
2. The method as claimed in patent claim 1, at which said criterion is to lower/reduce the risk below a given threshold value/level.
3. The method as claimed in patent claim 1, at which said criterion is to minimize cost of countermeasure which lowers/reduces the risk below a predetermined threshold value/level.
4. The method as claimed in patent claim 1, at which said criterion is to minimize the sum of cost of/for countermeasure and remaining risk.
5. The method as claimed in patent claim 1, at which the step to calculate new vulnerability values based on said countermeasure includes the step to:
- utilize new vulnerability parameters adapted in relation to the countermeasure.
6. The method as claimed in patent claim 1, at which the step to calculate new vulnerability values based on said countermeasure includes the step to:
- utilize new value parameters adapted in relation to the countermeasure.
7. The method as claimed in patent claim 1 including the step to:
- define the threat probability as a value between 0 and 1.
8. The method as claimed in patent claim 1 including the step to:
- define each vulnerability parameter as a value between 0 and 1.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0501942 2005-09-02
SE0501942-7 2005-09-02

Publications (1)

Publication Number Publication Date
WO2007027131A2 (en) 2007-03-08

Family

ID=37809303

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2006/000946 WO2007027131A2 (en) 2005-09-02 2006-08-14 Method for dependence based risk evaluation in computer systems

Country Status (1)

Country Link
WO (1) WO2007027131A2 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2385676A1 (en) * 2010-05-07 2011-11-09 Alcatel Lucent Method for adapting security policies of an information system infrastructure
WO2011138417A1 (en) * 2010-05-07 2011-11-10 Alcatel Lucent Method for adapting security policies of an information system infrastructure
KR101404352B1 (en) * 2010-05-07 2014-06-09 엥스띠뛰 텔레콤/텔레콤 브레따뉴 Method for adapting security policies of an information system infrastructure
US8973092B2 (en) 2010-05-07 2015-03-03 Alcatel Lucent Method for adapting security policies of an information system infrastructure
EP2737664A4 (en) * 2011-07-27 2015-07-22 Mcafee Inc System and method for network-based asset operational dependence scoring
EP3021546A1 (en) * 2014-11-14 2016-05-18 Institut Mines-Telecom / Telecom Sudparis Selection of countermeasures against cyber attacks
WO2016075115A1 (en) * 2014-11-14 2016-05-19 Institut Mines-Telecom/Telecom Sudparis Selection of countermeasures against cyber attacks
US10419474B2 (en) 2014-11-14 2019-09-17 Institut Mines-Telecom/Telecom Sudparis Selection of countermeasures against cyber attacks
US11677773B2 (en) 2018-11-19 2023-06-13 Bmc Software, Inc. Prioritized remediation of information security vulnerabilities based on service model aware multi-dimensional security risk scoring

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06769613

Country of ref document: EP

Kind code of ref document: A2