Tutorial 3


Date/Time: Tuesday November 10, 3:30pm-5:00pm
Duration: 1.5 hours
Title: Security Risk Analysis of Enterprise Networks: Techniques and Challenges

Presenters: Dr. Anoop Singhal and Dr. Xinming Ou
Abstract:

Protection of enterprise networks from malicious intrusions is critical to the economy and security of our nation. The objective of this tutorial is to give an overview of the techniques and challenges for security risk analysis of enterprise networks. A standard model for security analysis will enable us to answer questions such as “are we more secure than yesterday” or “how does the security of one network configuration compare with another one”. In this tutorial, we will present a methodology for security risk analysis that is based on the model of attack graphs and the Common Vulnerability Scoring System (CVSS). Our techniques analyze all attack paths through a network by which an attacker could reach a given goal.

Outline:

At present, enterprise networks constitute the core component of information technology infrastructures in areas such as power grids, financial data systems and emergency communication systems. Protection of these networks from malicious intrusions is critical to the economy and security of our nation. To improve the security of these information systems, it is necessary to measure the amount of security provided by different network configurations. The objective of this tutorial is to give an overview of the techniques and challenges for security risk analysis of computer networks. A standard model for security analysis will enable us to answer questions such as “are we more secure than yesterday” or “how does the security of one network configuration compare with another one”. Also, having a standard model to measure network security will bring together users, vendors and researchers to evaluate methodologies and products for network security.

An essential type of security risk analysis is to determine the level of compromise possible for important hosts in a network from a given starting location. This is a complex task, as it depends on the network topology, on the security policy in the network as determined by the placement of firewalls, routers and switches, and on vulnerabilities in hosts and communication protocols. Traditionally, this type of analysis is performed by a red team of computer security professionals who actively test the network by running exploits that compromise the system. Red team exercises are effective; however, they are labor-intensive and time-consuming. There is a need for alternate approaches that can work with host vulnerability scans.

In this tutorial, we will present a methodology for security risk analysis that is based on the model of attack graphs and the Common Vulnerability Scoring System (CVSS). Attack graphs illustrate the cumulative effect of attack steps, showing how individual steps can potentially enable an attacker to gain privileges deep within the network. CVSS is a risk measurement system that gives the likelihood that a single attack step is successfully executed. In this tutorial, we present a methodology to measure the overall system risk by combining the attack graph structure with CVSS. Our technique analyzes all attack paths through a network, providing a probabilistic metric of the overall system risk.
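As an added illustration of the combination described above (example code written for this page, not the presenters' MulVAL tool or their published metric), the following Python builds a small constructed attack graph, maps each exploit's CVSS base score to a per-step success probability (assumed here as score/10), and computes the probability that an attacker reaches a goal: an exploit succeeds only if all of its preconditions hold (AND), and a privilege is obtained if any exploit yielding it succeeds (noisy-OR, assuming independent steps). It then compares two network configurations, one that exposes the database host to the Internet and one that does not, which is the kind of comparison the abstract asks for. All host names, exploit names and scores are constructed.

```python
"""Cumulative attack-success probability over a small attack graph.

Added example. Assumptions (not taken from the tutorial text):
  * per-step success probability = CVSS base score / 10
  * the attack graph is a DAG; attack steps are independent
  * an exploit node is an AND over its preconditions,
    a condition node is a noisy-OR over the exploits that produce it
Shared uncertain ancestors are not de-duplicated, which is a known
simplification of the noisy-OR combination.
"""


def step_probability(cvss_base_score: float) -> float:
    """Assumed mapping from a CVSS base score (0-10) to a step probability."""
    if not 0.0 <= cvss_base_score <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    return cvss_base_score / 10.0


def goal_probability(goal: str, initial_facts, exploits, scores) -> float:
    """Probability that the attacker attains `goal`.

    initial_facts: conditions that hold with probability 1 (reachability,
                   attacker's starting location).
    exploits:      name -> (set of precondition facts, postcondition fact).
    scores:        name -> CVSS base score.
    """
    producers = {}  # fact -> exploits whose postcondition is that fact
    for name, (_, post) in exploits.items():
        producers.setdefault(post, []).append(name)

    memo = {}

    def p_fact(fact, path):
        if fact in initial_facts:
            return 1.0
        if fact in memo:
            return memo[fact]
        if fact in path:
            raise ValueError(f"attack graph has a cycle through {fact!r}")
        # Probability that *every* exploit producing this fact fails.
        all_fail = 1.0
        for ex in producers.get(fact, []):
            preconditions, _ = exploits[ex]
            p_ex = step_probability(scores[ex])  # AND over preconditions
            for pre in preconditions:
                p_ex *= p_fact(pre, path | {fact})
            all_fail *= 1.0 - p_ex
        memo[fact] = 1.0 - all_fail  # noisy-OR over alternatives
        return memo[fact]

    return p_fact(goal, frozenset())


# Constructed scenario: Internet -> web server -> database server.
SCORES = {  # constructed CVSS base scores, not real vulnerability data
    "exploit_web_rce": 7.5,
    "exploit_db_from_web": 9.0,
    "exploit_db_from_internet": 4.0,
}
EXPLOITS = {
    "exploit_web_rce": ({"attacker_on_internet", "web_reachable_from_internet"}, "user_on_web"),
    "exploit_db_from_web": ({"user_on_web", "db_reachable_from_web"}, "root_on_db"),
    "exploit_db_from_internet": ({"attacker_on_internet", "db_reachable_from_internet"}, "root_on_db"),
}
# Configuration 1: the database is also reachable directly from the Internet.
EXPOSED = frozenset({
    "attacker_on_internet",
    "web_reachable_from_internet",
    "db_reachable_from_web",
    "db_reachable_from_internet",
})
# Configuration 2: a firewall rule removes the direct Internet -> DB path.
HARDENED = EXPOSED - {"db_reachable_from_internet"}


def compare_configurations(goal: str = "root_on_db"):
    """Return (risk with DB exposed, risk with DB shielded) for `goal`."""
    return (goal_probability(goal, EXPOSED, EXPLOITS, SCORES),
            goal_probability(goal, HARDENED, EXPLOITS, SCORES))


if __name__ == "__main__":
    exposed, hardened = compare_configurations()
    print(f"P(root_on_db), DB exposed to Internet: {exposed:.3f}")
    print(f"P(root_on_db), DB shielded by firewall: {hardened:.3f}")
```

In the exposed configuration the two paths combine to 1 - (1 - 0.9·0.75)(1 - 0.4) = 0.805; removing the direct path leaves only the web-then-database chain at 0.675. The single number per configuration is what makes "are we more secure than yesterday" answerable, and the memoised recursion is what lets the metric account for every path rather than only the most likely one.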

The outline for the tutorial:

Intended Audience:

IT Security Professionals in industry and academia, researchers in computer and network security, graduate students.

Bio of Anoop

Dr. Anoop Singhal is currently a Senior Computer Scientist in the Computer Security Division at NIST. His research interests are in secure web services and network security, intrusion detection and large scale data mining systems. He has several years of research experience at NIST, George Mason University and AT&T Bell Labs. As a Distinguished Member of Technical Staff at Bell Labs he has led several research projects in the area of Databases and Data Mining Systems, Web Services and Network Management Systems. He is a senior member of IEEE and he has published more than 25 papers in leading conferences and journals. He received his Ph.D. in Computer Science from Ohio State University, Columbus Ohio in 1985. He has given talks and presented papers in conferences such as ACSAC 2007, RSA 2007 and IFIP DBSEC 2008.

Anoop Singhal, Ph.D.
Senior Computer Scientist
Computer Security Division
NIST
Gaithersburg, MD 20899

Bio of Simon

Dr. Xinming Ou is currently an Assistant Professor at Kansas State University. He received his PhD from Princeton University in 2005, where he designed the MulVAL network security analyzer as his PhD dissertation work. He was a post-doctoral research associate at Purdue University's CERIAS center from Sept 2005 to May 2006, and joined Kansas State University in Aug 2006. Dr. Ou has also visited Idaho National Laboratory (INL) for the summers of 2006 and 2007 as a research associate, working with INL scientists on applying logical attack graphs to analyze the security threats facing the nation's critical infrastructures. Dr. Ou's current research activities focus on enterprise network security defense, including security configuration management and real-time situation awareness.

Xinming (Simon) Ou
Assistant Professor
Computing and Information Sciences
Kansas State University
234 Nichols Hall
Manhattan, KS 66506

Last modified: 2009-10-21 15:33:44 EDT

ACM CCS 2009