Quantitative Risk Analysis of Computer Networks. D. J. Bilar, Dartmouth College
Currently, there are no models publicly accessible that attempt to quantify on an empirical basis the risk involved in deploying and managing these systems. Quantitative Security Risk Analysis is concerned with the quantification of risk in a network and the concomitant optimization problem.
Given a networked computer cluster (NCC), manage the expected risk of the network by implementing options subject to cost constraints. An NCC is viewed as a set of aggregate communication processes. A communication process is a process that listens to a network port and communicates with other processes which may or may not be communication processes. What is typically called a host may run anything from zero to dozens of communications processes. Vulnerability assessment consists of a detailed cataloguing of these processes on the network of interest.
The results of the inventory are matched against an up-to-date, online vulnerability databases. Communication processes are software programs, and as such contain ‘bugs’, enabling one or more of six vulnerability consequences: Compromises of availability, confidentiality, integrity, process privilege, trust privilege and full privilege. The risk of each communication process is defined as the product of its vulnerability consequence frequencies and exploit magnitudes. The exploit magnitudes are host specific; they are contingent the data the host holds and/or the functionality of the host within the NCC. The risk manager specifies these exploit losses. The aggregate NCC risk is a summation of the communication process risks with a larger weighting of the OS process. After the risk assessment, we can formulate an optimization problem for risk management:
Let R0 be the initial risk of the network. Let D = {D1, . , Dn} be the set of n options to improve the risk of my network. For instance, an option could be to replace an old version of the web server with a new one. Let S = {S1, . , Sm}, 0 < i < m, denote subsets of the options in D and let C = {C1, . , Cm} be the costs associated with implementing the Si th option set. Let R ={R1, . , Rm} be the NCC risk after implementing the Si th option set. Let K = {K1, . , Kp} be the set of cost constraints. The minimization problem is to select Si by choosing i: i = argmin(R0 - Ri), 0 <= i <= m, s.t. Ci <= K.
Go to . . .
2001 SRA Annual Meeting Table of Contents
2001 SRA Annual Meeting Author Index
Main Abstracts Menu Page
RiskWorld Home Page