Dailydave mailing list archives
Re: Mathematical Model for assessing Intentional Attacks
From: Darkpassenger <darkpassenger () unseen is>
Date: Thu, 04 Feb 2016 13:56:50 -0800
I had sent out this mail a while ago on dd: http://thread.gmane.org/gmane.comp.security.dailydave/5773

Results are getting together, but I still need input from the academic society. While the work mentioned in this specific thread is of value (I have taken a fast look at it this afternoon, and it's very short, which is very good), I assume a different approach must be taken to formulate cyber conflicts, wars, societal effects, and layers of financial concerns that wrap into various parts of the soft or hard elements of cyber; and modern physics has things to say about data streams and data at rest from a security perspective. I wrote a book review a couple of days ago about cyberwar, and I will update that same thread with some details of my paper that I am allowed to share with the outside and get feedback.

regards -dp

On 2016-02-02 13:31, Konrads Smelkovs wrote:
I skim read the book and have some initial thoughts. For the sake of this list, the TL;DR version of it is (in my poor paraphrasing): take the network, plot a graph, give nodes a score based on connectedness and estimated attacker value, sort by PageRank, which gives you the most nodes-at-risk, which then suggests where to concentrate defence efforts. The Risk formula is adjusted as per the attached png.

I think this is an overall interesting approach and the authors consider multiple types of attackers - e.g. authorised users exceeding privileges and ghosts in the network - but I would find the application of this model in the Real World [tm] problematic for the following reasons:

* value of a node for its owner vs value for an attacker differs depending on the type of attacker (I wish the Authors would have used Intel's TARA); organisations find it problematic to put a value on the asset themselves.
* connectedness matters when you consider inbound connections, but (unless I misunderstood), it sort of makes endpoints either super-connected (each surf session to facebook.com makes the node much, much more connected than anything else inside the network) or connected very little - perhaps only to the nearest management system.
* the value of secrets on a system is quite important as an intermediary target; for example, a management system in a NOC which has all those RW SNMP strings is priceless and a big target and stepping stone.
* finally, I think not all nodes are made equal as they have different "hardness", e.g. something running an ERP probably is a softer target than a patched and locked down DC.

Regardless, I think this is a good foray into the topic and I wish the authors luck in following revisions.

-- Konrads Smelkovs
Applied IT sorcery

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
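As an added illustration of the approach Konrads summarises above (this is not code from the paper or from either poster): a PageRank over a constructed reachability graph, scaled by estimated attacker value and by a "hardness" term for his last point. Host names, edges, values and hardness figures are all assumed.

```python
# Constructed example: value-weighted PageRank over a reachability graph.
from collections import defaultdict

# Constructed topology (hypothetical hosts). Edge (a, b) means host a can
# open a connection to b, so an attacker holding a can reach b. Outbound
# browsing from workstations is deliberately not an edge: it gives an
# attacker on the workstation nothing new to reach inside the network.
EDGES = [
    ("internet", "web"), ("web", "app"), ("app", "db"),
    ("noc", "web"), ("noc", "app"), ("noc", "db"), ("noc", "wks"),
    ("wks", "web"),
]
# Estimated value to an attacker and hardness (0 = soft, 1 = fully locked
# down). Both are assumed assessor inputs, not derived from the graph.
VALUE = {"internet": 0.0, "web": 0.2, "app": 0.4, "db": 0.9, "noc": 0.8, "wks": 0.1}
HARDNESS = {"internet": 1.0, "web": 0.5, "app": 0.3, "db": 0.7, "noc": 0.2, "wks": 0.4}


def pagerank(edges, damping=0.85, iterations=100):
    """Power-iteration PageRank. Score flows along edges, so a node's score
    reflects what can reach it (inbound exposure), not what it reaches."""
    nodes = sorted({n for e in edges for n in e})
    out = defaultdict(list)
    for src, dst in edges:
        out[src].append(dst)
    score = {n: 1.0 / len(nodes) for n in nodes}
    for _ in range(iterations):
        new = {n: (1.0 - damping) / len(nodes) for n in nodes}
        for n in nodes:
            if out[n]:
                for m in out[n]:
                    new[m] += damping * score[n] / len(out[n])
            else:  # dangling node (the database here): spread its score evenly
                for m in nodes:
                    new[m] += damping * score[n] / len(nodes)
        score = new
    return score


def rank_by_risk(edges, value, hardness):
    """Risk = exposure (PageRank) x attacker value x softness, highest first."""
    pr = pagerank(edges)
    risk = {n: pr[n] * value[n] * (1.0 - hardness[n]) for n in pr}
    return sorted(risk.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for host, r in rank_by_risk(EDGES, VALUE, HARDNESS):
        print(f"{host:9s} risk={r:.4f}")
```

Note that the NOC host ranks below the ERP app here even though it holds the second-highest value: nothing in the graph reaches it, so pure inbound exposure ignores its role as a stepping stone, which is exactly the gap the reply above points out.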
Current thread:
- Mathematical Model for assessing Intentional Attacks Victor Chapela (Feb 02)
- Re: Mathematical Model for assessing Intentional Attacks Konrads Smelkovs (Feb 04)
- Re: Mathematical Model for assessing Intentional Attacks Darkpassenger (Feb 04)
- Re: Mathematical Model for assessing Intentional Attacks Konrads Smelkovs (Feb 04)