Selecting Countermeasures for ICT
Systems Dipartimento di
Informatica, Università
di Pisa Pisa, Italy Abstract A countermeasure is any change to a system to reduce
the probability it is successfully attacked. We propose a model based
approach that selects countermeasures through multiple simulations of the
behaviors of an ICT system and of intelligent attackers that implement
sequences of attacks. The simulations return information on the attacker
sequences and the goals they reach we use to compute the statistics that
drive the selection. Since attackers change their sequences as
countermeasures are deployed, we have defined an iterative strategy where each iteration selects some countermeasures, updates the
system models and runs the simulations to discover any new attacker sequence.
The discovery of new sequences starts a new iteration. The Haruspex suite
automates the proposed approach. Some of its tools acquire information on the
target system and on the attackers and build the corresponding models.
Another tool simulates the attacks through the models of the system and of
the attackers. The tool to select countermeasures invokes the other ones to
discover how countermeasures influence the attackers. We apply the whole
suite to three systems and discuss how the connection topology influences the
countermeasures to adopt. Keywords: Risk Assessment and Management; Countermeasures;
Scenario; Monte Carlo Method +: Corresponding author: Fabrizio Baiardi Journal
of Wireless Mobile Networks, Ubiquitous Computing, and Dependable
Applications (JoWUA), |