[Dailydave] Mathematical Model for assessing Intentional Attacks

Darkpassenger darkpassenger at unseen.is
Thu Feb 4 16:56:50 EST 2016


I had sent out this mail a while ago on DD:
http://thread.gmane.org/gmane.comp.security.dailydave/5773
Results are coming together, but I still need input from the academic
community.
While the work mentioned in this specific thread is of value (I took a
quick look at it this afternoon, and it's very short, which is very
good), I assume a different approach must be taken to formulate cyber
conflicts, wars, societal effects, and the layers of financial concerns
that wrap into various parts of the soft or hard elements of cyber;
and modern physics has things to say about data streams and data at
rest from a security perspective. I wrote a book review about cyberwar
a couple of days ago, and I will update that same thread with some
details of my paper that I am allowed to share outside, to get
feedback.

regards
-dp


On 2016-02-02 13:31, Konrads Smelkovs wrote:
> I skim-read the book and have some initial thoughts. For the sake of
> this list, the TL;DR version of it is (in my poor paraphrasing):
> take the network, plot a graph, give nodes a score based on
> connectedness and estimated attacker value, sort by PageRank, which
> gives you the nodes most at risk, which then suggests where to
> concentrate defence efforts. The risk formula is adjusted as per the
> attached png.
> 
> I think this is an overall interesting approach and the authors
> consider multiple types of attackers - e.g. authorised users
> exceeding privileges and ghosts in the network, but I would find the
> application of this model in the Real World [tm] problematic for the
> following reasons:
> 
> * The value of a node for its owner vs. its value for an attacker
> differs depending on the type of attacker (I wish the authors had
> used Intel's TARA); organisations find it problematic to put a value
> on the asset themselves.
> * Connectedness matters when you consider inbound connections, but
> (unless I misunderstood) it sort of makes endpoints either
> super-connected (each surf session to facebook.com makes the node
> much, much more connected than anything else inside the network) or
> connected very little - perhaps only to the nearest management
> system.
> * The value of secrets on a system is quite important as an
> intermediary target; for example, a management system in a NOC which
> has all those RW SNMP strings is priceless and a big target and
> stepping stone.
> * Finally, I think not all nodes are made equal as they have
> different "hardness", e.g. something running an ERP is probably a
> softer target than a patched and locked-down DC.
> 
> Regardless, I think this is a good foray into the topic and I wish
> the authors luck in the following revisions.
> 
> 
> 
> --
> Konrads Smelkovs
> Applied IT sorcery
> 
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
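The approach Konrads paraphrases above (graph the network, score nodes by connectedness with PageRank, weight by estimated attacker value) and his objections about super-connected internet endpoints, the secrets held by a NOC management host and differing node "hardness", as an added worked example in Python. This is not code from the thread, from the book under review or from its authors; the topology, the flow counts, the attacker values, the hardness scores and the simple product used to combine them are all assumptions made for the illustration (the book's adjusted risk formula is in an attachment that is not reproduced on this page).

```python
"""Toy PageRank-style node ranking over a constructed network graph.

Added example for the thread above; it is not code from the book under
review or from its authors.  It implements the paraphrased idea (score
nodes by connectedness with PageRank, then weight by an estimated
attacker value) and shows two of the objections raised: an internet
endpoint such as facebook.com swamps the connectedness score unless
external nodes are left out, and a low-degree management host only
surfaces once value and hardness are taken into account.  Topology,
flow counts, values and hardness numbers are all made up for this example.
"""
from collections import defaultdict

# Constructed flow summary, as a NetFlow export might give you:
# (source host, destination host, number of connections).
FLOWS = [
    ("workstation1", "facebook.com", 300),
    ("workstation2", "facebook.com", 300),
    ("workstation3", "facebook.com", 300),
    ("workstation1", "erp", 5),
    ("workstation2", "erp", 5),
    ("workstation1", "dc", 10),
    ("workstation2", "dc", 10),
    ("workstation3", "dc", 10),
    ("erp", "dc", 4),
    ("workstation3", "noc-mgmt", 1),   # one admin SSH session
    ("noc-mgmt", "switch1", 2),        # SNMP polls with RW community strings
    ("noc-mgmt", "switch2", 2),
    ("noc-mgmt", "router1", 2),
]

# Hosts the organisation does not own.
EXTERNAL = {"facebook.com"}

# Assumed attacker value (worth as a target or stepping stone) and
# hardness (how locked down the box is), both on a 0..1 scale.  Guesses
# for the example; the thread notes that real organisations struggle to
# put such numbers on their own assets.
VALUE = {"noc-mgmt": 1.0, "dc": 0.9, "erp": 0.5, "switch1": 0.3, "switch2": 0.3,
         "router1": 0.3, "workstation1": 0.1, "workstation2": 0.1,
         "workstation3": 0.1, "facebook.com": 0.0}
HARDNESS = {"noc-mgmt": 0.2, "dc": 0.9, "erp": 0.2, "switch1": 0.5, "switch2": 0.5,
            "router1": 0.5, "workstation1": 0.3, "workstation2": 0.3,
            "workstation3": 0.3, "facebook.com": 0.0}


def build_graph(flows, exclude_external=False):
    """Return {src: {dst: weight}}; every node is a key, even with no out-edges."""
    graph = defaultdict(dict)
    for src, dst, count in flows:
        if exclude_external and (src in EXTERNAL or dst in EXTERNAL):
            continue
        graph[src][dst] = graph[src].get(dst, 0) + count
        graph.setdefault(dst, {})
    return dict(graph)


def pagerank(graph, damping=0.85, iterations=100):
    """Weighted PageRank by power iteration.

    Each node passes `damping` of its rank to its successors in proportion
    to edge weight; dangling nodes (no out-edges) spread their rank
    uniformly over all nodes.  The returned ranks sum to 1.
    """
    nodes = list(graph)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iterations):
        dangling = sum(rank[v] for v in nodes if not graph[v])
        new = {v: (1.0 - damping) / n + damping * dangling / n for v in nodes}
        for src, succ in graph.items():
            total = sum(succ.values())
            for dst, weight in succ.items():
                new[dst] += damping * rank[src] * weight / total
        rank = new
    return rank


def risk_scores(rank, value, hardness):
    """Illustrative combination: connectedness x attacker value x exposure.

    This is NOT the book's risk formula (the thread only says it was
    adjusted); it is the simplest product that lets the value and
    hardness objections show up in the ordering.
    """
    return {v: r * value.get(v, 0.0) * (1.0 - hardness.get(v, 0.0))
            for v, r in rank.items()}


def ranked(scores):
    """Node names sorted from highest to lowest score (name breaks ties)."""
    return [v for v, _ in sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))]


if __name__ == "__main__":
    full = pagerank(build_graph(FLOWS))
    internal = pagerank(build_graph(FLOWS, exclude_external=True))
    for title, scores in (("PageRank, external edges included", full),
                          ("PageRank, internal only", internal),
                          ("rank x value x exposure, internal only",
                           risk_scores(internal, VALUE, HARDNESS))):
        print(title)
        for v in ranked(scores):
            print(f"  {v:14s} {scores[v]:.4f}")
```

With the constructed numbers, facebook.com tops the connectedness ranking as long as its edges are counted, dc tops it once external hosts are dropped, and noc-mgmt (low degree, but holding the RW SNMP strings and assumed to be soft) only reaches the top after the value and hardness weights are applied. The point is not the particular numbers but that each of the three rankings points defenders at a different box.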

