Dynamic cybersecurity modelling and analysis.
Thesis Discipline: Computer Science
Degree Grantor: University of Canterbury
Degree Name: Doctor of Philosophy
It is difficult to assess the security of modern networks, such as cloud and software-defined networks, because they are usually dynamic, with frequent configuration changes (e.g., changes in topology, firewall rules, etc.). Graphical security models, such as Attack Graphs and Attack Trees, are widely used to systematically analyse the security posture of network systems using various security metrics. However, there are challenges in using them (i.e., the graphical security models and security metrics) to assess the security of dynamic networks. First, the existing graphical security models are unable to capture dynamic changes occurring in the networks over time. As a result, there is a lack of techniques to efficiently capture and manage the security changes that are happening in dynamic networks.
Secondly, the existing security metrics used with these models are not designed for the analysis of dynamic networks, and hence their effectiveness in the face of dynamic changes in the network remains unclear. Moreover, they may not quantitatively represent the changes in the security posture of the dynamic networks.
Thirdly, finding the optimal security solution for dynamic networks is a difficult task due to their complexity and the uncertainty of the changes made. That is, an optimal solution for the current network configuration may not be optimal when the dynamic network changes in the future. As a result, it is difficult to select the best set of security solutions to deploy for modern networks that are dynamic. This thesis aims to address the aforementioned issues through three primary goals: (1) to develop an adaptable graphical security model to capture changes in dynamic networks, (2) to develop new security metrics that can effectively represent the security posture of dynamic networks, and (3) to develop optimal security hardening selection methods for dynamic networks, taking into account multiple objectives and constraints.
To achieve goal (1), two variant security models, namely the Temporal-Hierarchical Attack Representation Model (T-HARM) and the Time-Independent HARM, are proposed. The main idea behind the T-HARM is to capture and assess the security posture of the dynamic network at every time t, where the frequency of measurements could be time-driven, event-driven or user-driven. On the other hand, the Time-Independent HARM is developed to provide an overview of the security posture of dynamic networks by aggregating all the observed security states (i.e., without showing the multiple GSMs generated for every t).
To achieve goal (2), first, a systematic classification of the different types of network and security changes is presented. Based on the network changes, an evaluation of the existing security metrics is performed in order to identify which ones are suitable for the analysis of dynamic networks. Then, a new set of security metrics for assessing dynamic networks is developed. The proposed security metrics capture the dynamic changes that affect the security posture of the networks.
To achieve goal (3), an approach to select the best set of security hardening solutions for dynamic networks given multiple constraints (e.g., limited budget and downtime) is developed. T-HARM with three dynamic security metrics is used to evaluate the effectiveness of heterogeneous security hardening options. In addition, a multi-objective genetic algorithm is adapted to compute Pareto optimal deployment solutions that minimise security risk, security costs and the downtime of implementing the hardening options. The feasibility of the proposed approach is demonstrated in a real-world scenario by taking into account both patchable and non-patchable vulnerabilities. Further, a sensitivity analysis of the parameters of the genetic algorithm with respect to the dynamic networks is performed. Then, the results of the effect of varying multiple network states on the optimal solutions obtained are shown.
In summary, the main contributions of this thesis are: (1) the development of adaptable security models to capture and assess the security of dynamic networks; (2) the evaluation of existing security metrics for the analysis of dynamic networks; (3) the development of metrics for the quantitative assessment of dynamic networks; and (4) the development of optimal defence approaches for dynamic networks given multiple constraints.
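The contrast between assessing a dynamic network at every time t and aggregating all observed states into one view, as described for goal (1), can be sketched as follows. This is an added illustration, not the thesis's T-HARM or Time-Independent HARM implementation. It assumes host-level reachability only, constructed snapshots and host names, attack-path count and shortest path length as the per-time metrics, and edge frequency as the aggregation rule.

```python
# Constructed sample: reachability edges observed at three times t.
# Host names, metrics and the aggregation rule are assumptions for illustration.
SNAPSHOTS = {
    0: {("attacker", "web"), ("web", "app"), ("app", "db")},
    1: {("attacker", "web"), ("web", "app"), ("app", "db"), ("web", "db")},
    2: {("attacker", "web"), ("web", "app")},  # firewall change removes app -> db
}

def attack_paths(edges, src="attacker", dst="db"):
    """Enumerate simple (loop-free) paths from src to dst by depth-first search."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, []).append(b)
    paths = []

    def walk(node, path):
        if node == dst:
            paths.append(path)
            return
        for nxt in sorted(adj.get(node, [])):
            if nxt not in path:
                walk(nxt, path + [nxt])

    walk(src, [src])
    return paths

def temporal_view(snapshots):
    """One assessment per time t: attack-path count and shortest path length."""
    view = {}
    for t, edges in sorted(snapshots.items()):
        paths = attack_paths(edges)
        view[t] = {"paths": len(paths),
                   "shortest": min((len(p) - 1 for p in paths), default=None)}
    return view

def aggregated_view(snapshots):
    """One graph for all states: each edge weighted by the fraction of
    snapshots in which it was observed."""
    counts = {}
    for edges in snapshots.values():
        for e in edges:
            counts[e] = counts.get(e, 0) + 1
    return {e: c / len(snapshots) for e, c in counts.items()}

if __name__ == "__main__":
    for t, metrics in temporal_view(SNAPSHOTS).items():
        print(f"t={t}: {metrics}")
    agg = aggregated_view(SNAPSHOTS)
    print("aggregated edge weights:", agg)
    print("paths in aggregated graph:", attack_paths(set(agg)))
```

The per-time view shows the exposure disappearing at t=2, while the aggregated graph still contains both paths with their edges weighted by how often they were observed.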