Cross-layer damage assessment for cyber situational awareness

Peng Liu, Xiaoqi Jia, Shengzhi Zhang, Xi Xiong, Yoon Chan Jhi, Kun Bai, Jason Li

Research output: Chapter in Book/Report/Conference proceedingChapter

15 Scopus citations

Abstract

Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any "blind spots". This chapter presents a generic multi-level damage assessment framework, which captures several fundamental characteristics of the damage assessment problem, points out the necessity and importance of cross-layer damage assessment, and identifies the key component techniques of a systematic damage assessment solution. To demonstrate the feasibility, merits and applicability of this framework, we propose a concrete virtual machine (VM) approach to do damage assessment across two fundamental abstraction levels: instruction level and OS level. This approach will integrate the damage assessment operations at the instruction level and the OS process level. This approach leads to a novel production-environment damage assessment architecture. Although this approach does not cover all of the abstraction levels, it shows that across-level damage assessment could be done in complex software systems.

Original languageEnglish (US)
Title of host publicationCyber Situational Awareness
Subtitle of host publicationIssues and Research
EditorsSushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang
Pages155-176
Number of pages22
DOIs
StatePublished - 2010

Publication series

NameAdvances in Information Security
Volume46
ISSN (Print)1568-2633

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Cross-layer damage assessment for cyber situational awareness'. Together they form a unique fingerprint.

Cite this