Attack Volume Model: Geometrical Approach and Application

  • Conference paper
Risks and Security of Internet and Systems (CRiSIS 2015)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9572)

Abstract

The sophistication and efficiency of current attacks make the detection and mitigation process a very difficult task for security analysts. Research in information security has always focused on the effects of a given attack over a particular target and the methodologies to evaluate and select countermeasures accordingly. Multiple attack scenarios are hardly considered concurrently to assess the risk and propose security solutions. This paper proposes a geometrical model that represents the volume of attacks and countermeasures based on a three-dimensional coordinate system (i.e. user, channel, and resource). The CARVER methodology is used to give an appropriate weight to each entity composing the axes in the coordinate system. These weights represent the criticality of the different system entities. As a result, volumes are related to risks, making it possible to determine the magnitude and coverage of each attack and countermeasure within a given system.

Acknowledgements

The research in this paper has received funding from the Information Technology for European Advancements (ITEA2) within the context of the ADAX Project (Attack Detection and Countermeasure Simulation), and the PANOPTESEC project, as part of the Seventh Framework Programme (FP7) of the European Commission (GA 610416).

Author information

Corresponding author

Correspondence to Gustavo Gonzalez Granadillo.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Granadillo, G.G., Jacob, G., Debar, H. (2016). Attack Volume Model: Geometrical Approach and Application. In: Lambrinoudakis, C., Gabillon, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2015. Lecture Notes in Computer Science, vol 9572. Springer, Cham. https://doi.org/10.1007/978-3-319-31811-0_15

  • DOI: https://doi.org/10.1007/978-3-319-31811-0_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31810-3

  • Online ISBN: 978-3-319-31811-0

  • eBook Packages: Computer Science, Computer Science (R0)
