[Dailydave] Mathematical Model for assessing Intentional Attacks
Darkpassenger
darkpassenger at unseen.is
Thu Feb 4 16:56:50 EST 2016
i had sent out this mail a while ago on dd :
http://thread.gmane.org/gmane.comp.security.dailydave/5773
results are getting together but i still need input from academia
society
while the work mentioned in this specific thread is of value ( i have
taken a fast look at it this afternoon - and its very shot which is very
good ) i assume a different approach must be taken to formulate cyber
conflicts , wars , societal effects , layers of financial concerns wraps
into various parts of the soft or hard elements of cyber and
modern-physics have things to say about data stream and data at rest
with security perspective . i have written a book review a couple of
days ago about cyberwar and i will update that same thread this some
details of my paper that i am allowed to share with outside and get
feedbacks .
regards
-dp
On 2016-02-02 13:31, Konrads Smelkovs wrote:
> I skim read the book and have some initial thoughts. For sake of this
> list,
> the TL;DR version of it is (in my poor paraphrasing):
> Take network, plot a graph, give nodes score based on connectedness,
> estimated attacker value sort by PageRank which gives you the most
> nodes-at-risk which then suggests where to concentrate defence efforts.
> The
> Risk formula is adjusted as per the attached png.
>
> I think this is an overall interesting approach and the authors
> consider
> multiple types of attackers - e.g. authorised users exceeding
> privileges
> and ghosts in the network, but I would find the application of this
> model
> in the Real World [tm] problematic for the following reasons:
>
> * value of node for its owner vs value for an attacker differs
> depending on
> the type of attacker (I wish Authors would have used Intel's TARA);
> organisations find it problematic to put a value on the asset
> themselves.
> * connectedness matters when you consider inbound connections, but
> (unless
> I misunderstood), it sort of makes endpoints either super-connected
> (each
> surf session to facebook.com makes the node much, much more connected
> than
> anything else inside the network) or connected very little - perhaps
> only
> to nearest management system.
> * the value of secrets on a system is quite important as an
> intermediary
> target, for example, a management system in a NOC which has all those
> RW
> SNMP strings is priceless and a big target and stepping stone.
> * finally, I think not all nodes are made equal as they have different
> "hardness", e.g. something running an ERP probably is a softer target
> than
> a patched and locked down DC.
>
> Regardless, I think this is a good foray into the topic and I wish
> authors
> luck in following revisions.
>
>
>
> --
> Konrads Smelkovs
> Applied IT sorcery
>
>>
>>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
More information about the Dailydave
mailing list