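@comment{Chapter in an edited volume (editors differ from the chapter authors and a
  separate booktitle is given), so @incollection is the correct classic-BibTeX type
  rather than @inbook. Names are stored in unambiguous "Last, First" form, fields are
  brace-delimited (no need for the {"} quoting workaround inside the abstract), and the
  publisher required by @incollection is supplied. Citation key kept as exported so
  existing \cite commands keep working.}
@incollection{7cac4224cc05423d88a59d3462401bd1,
  author    = {Liu, Peng and Jia, Xiaoqi and Zhang, Shengzhi and Xiong, Xi and Jhi, Yoon Chan and Bai, Kun and Li, Jason},
  title     = {Cross-Layer Damage Assessment for Cyber Situational Awareness},
  editor    = {Jajodia, Sushil and Liu, Peng and Swarup, Vipin and Wang, Cliff},
  booktitle = {Cyber Situational Awareness},
  series    = {Advances in Information Security},
  publisher = {Springer},
  year      = {2010},
  pages     = {155--176},
  doi       = {10.1007/978-1-4419-0140-8_8},
  isbn      = {9781441901392},
  language  = {English (US)},
  abstract  = {Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any ``blind spots''. This chapter presents a generic multi-level damage assessment framework, which captures several fundamental characteristics of the damage assessment problem, points out the necessity and importance of cross-layer damage assessment, and identifies the key component techniques of a systematic damage assessment solution. To demonstrate the feasibility, merits and applicability of this framework, we propose a concrete virtual machine (VM) approach to do damage assessment across two fundamental abstraction levels: instruction level and OS level. This approach will integrate the damage assessment operations at the instruction level and the OS process level. This approach leads to a novel production-environment damage assessment architecture. Although this approach does not cover all of the abstraction levels, it shows that across-level damage assessment could be done in complex software systems.},
  note      = {Funding Information: This work was supported by NSF CNS-0716479, AFOSR MURI: Autonomic Recovery of Enterprise-wide Systems after Attack or Failure with Forward Correction, AFRL award FA8750-08-C-0137, and ARO MURI: Computer-aided Human Centric Cyber Situation Awareness.},
}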