Publications

Threat-based risk assessment for enterprise networks

Published in:
Lincoln Laboratory Journal, Vol. 22, No. 1, 2016, pp. 33-45.

Summary

Protecting enterprise networks requires continuous risk assessment that automatically identifies and prioritizes cyber security risks, enables efficient allocation of cyber security resources, and enhances protection against modern cyber threats. Lincoln Laboratory created a network security model to guide the development of such risk assessments and, for the most important cyber threats, designed practical risk metrics that can be computed automatically and continuously from security-relevant network data.

Quantitative evaluation of moving target technology

Published in:
HST 2015, IEEE Int. Symp. on Technologies for Homeland Security, 14-16 April 2015.

Summary

Robust, quantitative measurement of cyber technology is critically needed to measure the utility, impact and cost of cyber technologies. Our work addresses this need by developing metrics and experimental methodology for a particular type of technology, moving target technology. In this paper, we present an approach to quantitative evaluation, including methodology and metrics, results of analysis, simulation and experiments, and a series of lessons learned.

Agent-based simulation for assessing network security risk due to unauthorized hardware

Published in:
SpringSim 2015: Spring Simulation Multiconference, 12-15 April 2015.

Summary

Computer networks are present throughout all sectors of our critical infrastructure and these networks are under a constant threat of cyber attack. One prevalent computer network threat takes advantage of unauthorized, and thus insecure, hardware on a network. This paper presents a prototype simulation system for network risk assessment that is intended for use by administrators to simulate and evaluate varying network environments and attacker/defender scenarios with respect to authorized and unauthorized hardware. The system is built on the agent-based modeling paradigm and captures emergent system dynamics that result from the interactions of multiple network agents including regular and administrator users, attackers, and defenders in a network environment. The agent-based system produces both metrics and visualizations that provide insights into network security risk and serve to guide the search for efficient policies and controls to protect a network from attacks related to unauthorized hardware. The simulation model is unique in the current literature both for its network threat model and its visualized agent-based approach. We demonstrate the model via a case study that evaluates risk for several candidate security policies on a representative computer network.

Quantitative evaluation of dynamic platform techniques as a defensive mechanism

Published in:
RAID 2014: 17th Int. Symp. on Research in Attacks, Intrusions, and Defenses, 17-19 September 2014.

Summary

Cyber defenses based on dynamic platform techniques have been proposed as a way to make systems more resilient to attacks. These defenses change the properties of the platforms in order to make attacks more complicated. Unfortunately, little work has been done on measuring the effectiveness of these defenses. In this work, we first measure the protection provided by a dynamic platform technique on a testbed. The counter-intuitive results obtained from the testbed guide us in identifying and quantifying the major effects contributing to the protection in such a system. Based on the abstract effects, we develop a generalized model of dynamic platform techniques which can be used to quantify their effectiveness. To verify and validate our results, we simulate the generalized model and show that the testbed measurements and the simulations match with a small amount of error. Finally, we enumerate a number of lessons learned in our work which can be applied to quantitative evaluation of other defensive techniques.

Continuous security metrics for prevalent network threats - introduction and first four metrics

Summary

The goal of this work is to introduce meaningful security metrics that motivate effective improvements in network security. We present a methodology for directly deriving security metrics from realistic mathematical models of adversarial behaviors and systems and also a maturity model to guide the adoption and use of these metrics. Four security metrics are described that assess the risk from prevalent network threats. These can be computed automatically and continuously on a network to assess the effectiveness of controls. Each new metric directly assesses the effect of controls that mitigate vulnerabilities, continuously estimates the risk from one adversary, and provides direct insight into what changes must be made to improve security. Details of an explicit maturity model are provided for each metric that guide security practitioners through three stages where they (1) Develop foundational understanding, tools and procedures, (2) Make accurate and timely measurements that cover all relevant network components and specify security conditions to test, and (3) Perform continuous risk assessments and network improvements. Metrics are designed to address specific threats, maintain practicality and simplicity, and motivate risk reduction. These initial four metrics and additional ones we are developing should be added incrementally to a network to gradually improve overall security as scores drop to acceptable levels and the risks from associated cyber threats are mitigated.
