Results 1 -
6 of
6
After we knew it: Empirical study and modeling of cost-effectiveness of exploiting prevalent known vulnerabilities across IaaS cloud
- In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 14
, 2014
"... Infrastructure as a Service (IaaS) cloud has been attracting more and more customers as it provides the highest level of flexibility by offering configurable virtual machines (VMs) and computing infrastructures. Public VM images are usually available for cus-tomers to customize and launch. However, ..."
Abstract
-
Cited by 5 (3 self)
- Add to MetaCart
(Show Context)
Infrastructure as a Service (IaaS) cloud has been attracting more and more customers as it provides the highest level of flexibility by offering configurable virtual machines (VMs) and computing infrastructures. Public VM images are usually available for cus-tomers to customize and launch. However, the 1 to N mapping between VM images and running instances in IaaS makes vulner-abilities propagate rapidly across the entire public cloud. Besides, IaaS cloud naturally comes with a larger and more stable attack surface and more concentrated target resources than traditional sur-roundings. In this paper, we first identify the threat of exploiting prevalent vulnerabilities 1 over public IaaS cloud with an empirical study in Amazon EC2. We find that attackers can compromise a considerable number of VMs with trivial cost. We then do a qual-itative cost-effectiveness analysis of this threat. Our main result is a two-fold observation: in IaaS cloud, exploiting prevalent vulner-abilities is much more cost-effective than traditional in-house com-puting environment, therefore attackers have stronger incentive; Fortunately, on the other hand, cloud defenders (cloud providers and customers) also have much lower cost-loss ratio than in tra-ditional environment, therefore they can be more effective for de-fending attacks. We then build a game-theoretic model and conduct a risk-gain analysis to compare exploiting and patching strategies under cloud and traditional computing environments. Our model-ing indicates that under cloud environment, both attack and defense become less cost-effective as time goes by, and the earlier actioner can be more rewarding. We propose countermeasures against such threat in order to bridge the gap between current security situa-tion and defending mechanisms. To our best knowledge, we are the first to analyze and model the threat with prevalent known-vulnerabilities in public cloud. 1in our experiments, we treat vulnerabilities with 30 % or higher prevalence as prevalent vulnerabilities
Quantitative risk assessment under multi-context environment (Doctoral dissertation
, 2014
"... If you cannot measure it, you cannot improve it. Quantifying security with metrics is important not only because we want to have a scoring system to track our efforts in hard-ening cyber environments, but also because current labor resources cannot administrate the exponentially enlarged network wit ..."
Abstract
-
Cited by 2 (1 self)
- Add to MetaCart
If you cannot measure it, you cannot improve it. Quantifying security with metrics is important not only because we want to have a scoring system to track our efforts in hard-ening cyber environments, but also because current labor resources cannot administrate the exponentially enlarged network without a feasible risk prioritization methodology. Unlike height, weight or temperature, risk from vulnerabilities is sophisticated to assess and the assessment is heavily context-dependent. Existing vulnerability assessment methodologies (e.g. CVSS scoring system, etc) mainly focus on the evaluation over intrinsic risk of individual vulnerabilities without taking their contexts into consideration. Vulnerability assessment over network usually output one ag-gregated metric indicating the security level of each host. However, none of these work captures the severity change of each individual vulnerabilities under different contexts. I have captured a number of such contexts for vulnerability assessment. For example, the correlation of vulnerabilities belonging to the same application should be considered while aggregating their risk scores. At system level, a vulnerability detected on a highly depended
Assessing attack surface with component-based package dependency
- In Proceedings of 9th International Conference on Network and System Security(NSS 15
, 2015
"... Abstract. Package dependency has been considered in many vulner-ability assessment systems. However, existing approaches are either coarse-grained and do not accurately reveal the influence and severity of vulnerabilities, or do not provide comprehensive (both incoming and outgoing) analysis of atta ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
Abstract. Package dependency has been considered in many vulner-ability assessment systems. However, existing approaches are either coarse-grained and do not accurately reveal the influence and severity of vulnerabilities, or do not provide comprehensive (both incoming and outgoing) analysis of attack surface through package dependency. We propose a systematic approach of measuring attack surface exposed by individual vulnerabilities through component level dependency analysis. The metric could potentially extended to calculate attack surfaces at component, package, and system levels. It could also be used to calcu-late both incoming and outgoing attack surfaces, which enables system administrators to accurately evaluate how much risk that a vulnerabil-ity, a component or a package to the complete system, and the risk that is injected to a component or package by packages it depends on in a given system. To our best knowledge, our approach is the first to quanti-tatively assess attack surfaces of vulnerabilities, components, packages, and systems through component level dependency. 1
Predicting Cyber Risks through National Vulnerability Database
"... Submit your article to this journal ..."
(Show Context)
A Theory of Cyber Attacks A Step Towards Analyzing MTD Systems
"... Moving Target Defenses (MTD) have been touted as a game changing approach to computer security that eliminates the static nature of current computer systems – an attacker’s biggest advantage. While promising, the dynamism of MTD introduces challenges related to understanding and quanti-fying the imp ..."
Abstract
- Add to MetaCart
(Show Context)
Moving Target Defenses (MTD) have been touted as a game changing approach to computer security that eliminates the static nature of current computer systems – an attacker’s biggest advantage. While promising, the dynamism of MTD introduces challenges related to understanding and quanti-fying the impact of MTD systems on security, users, and attackers. To analyze this impact, both the concepts of MTD systems and cyber attacks must be formalized. While a theory of MTD systems was proposed in [18], this paper presents a theory of cyber attacks that supports the un-derstanding and analysis of the interaction between MTD systems and the attacks they hope to thwart. The theory defines key concepts that support precise discussion of at-tacker knowledge, attack types, and attack instances. The paper also presents concrete examples to show how these definitions and concepts can be used in realistic scenarios.
CLKS: Certificateless Keyword Search on Encrypted Data
"... Abstract. Keyword search on encrypted data enables one to search key-word ciphertexts without compromising keyword security. We further in-vestigate this problem and propose a novel variant, dubbed certificateless keyword search on encrypted data (CLKS). CLKS not only supports key-word search on enc ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. Keyword search on encrypted data enables one to search key-word ciphertexts without compromising keyword security. We further in-vestigate this problem and propose a novel variant, dubbed certificateless keyword search on encrypted data (CLKS). CLKS not only supports key-word search on encrypted data, but also brings promising features due to the certificateless cryptography. In contrast to the certificated-based keyword search, CLKS requires no validation on the trustworthy of the
