TY - GEN
T1 - Towards actionable mission impact assessment in the context of cloud computing
AU - Sun, Xiaoyan
AU - Singhal, Anoop
AU - Liu, Peng
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2017.
PY - 2017
Y1 - 2017
N2 - Today’s cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission cyber resilience cannot be really achieved. However, there is an overlooked gap between mission impact assessment and cyber resilience due to the non-mission-centric nature of current research. This gap is even widened in the context of cloud computing. The gap essentially accounts for the weakest link between missions and attack-resilient systems, and also explains why the existing impact analysis is not really actionable. This paper initiates efforts to bridge this gap, by developing a novel graphical model that interconnects the mission dependency graphs and cloud-level attack graphs. Our case study shows that the new cloud-applicable model is able to bridge the gap between mission impact assessment and cyber resilience. As a result, it can significantly improve the effectiveness of cyber resilience analysis of mission critical systems.
AB - Today’s cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission cyber resilience cannot be really achieved. However, there is an overlooked gap between mission impact assessment and cyber resilience due to the non-mission-centric nature of current research. This gap is even widened in the context of cloud computing. The gap essentially accounts for the weakest link between missions and attack-resilient systems, and also explains why the existing impact analysis is not really actionable. This paper initiates efforts to bridge this gap, by developing a novel graphical model that interconnects the mission dependency graphs and cloud-level attack graphs. Our case study shows that the new cloud-applicable model is able to bridge the gap between mission impact assessment and cyber resilience. As a result, it can significantly improve the effectiveness of cyber resilience analysis of mission critical systems.
UR - http://www.scopus.com/inward/record.url?scp=85021963780&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85021963780&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-61176-1_14
DO - 10.1007/978-3-319-61176-1_14
M3 - Conference contribution
AN - SCOPUS:85021963780
SN - 9783319611754
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 259
EP - 274
BT - Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings
A2 - Zhu, Sencun
A2 - Livraga, Giovanni
PB - Springer Verlag
T2 - 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017
Y2 - 19 July 2017 through 21 July 2017
ER -