System Attack Surface Modeling Method in Network

doi:10.3969/j.issn.1671-1122.2022.03.004

Abstract

Abstract:

Aiming at the problems that the air traffic control information system is isolated from the Internet and the use of public released vulnerability information cannot effectively reflect its network security, this paper proposed a risk measurement model of air traffic management information system at the network level. The dimension of attack surface modeling had ports, protocols, data for each resource component. This model used Bayesian network to represent the relationship among resources to establish resource graph. Each resource component’s attack surface and vulnerability severity based on resource graph were fused into network attack surface triple. It represented the threat level of three dimensions and calculated the overall risk of the network architecture. Simulation experiments were carried out in the air traffic management automation system. Experiments quantified the threat situation of the system in different attack paths and dimensions. Besides, the network structure risk was analyzed from different angles and levels. Experimental results demonstrate the rationality and practical effectiveness of the proposed system attack surface risk assessment method. The attack surface model provides guidance for network security measures of air traffic management information system. Thus, security administrator can maximize system security under finite conditions.

Key words: risk measurement model, Bayesian network, attack surface metric, air traffic information system

CLC Number:

TP309

GU Zhaojun, YANG Rui, SUI He. System Attack Surface Modeling Method in Network[J]. Netinfo Security, 2022, 22(3): 29-38.

Figures/Tables 11

References 29

[1]	LOVATO A V, FONTES C H, EMBIRUCU M, et al. A Fuzzy Modeling Approach to Optimize Control and Decision Making in Conflict Management in Air Traffic Control[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S0360835217305302, 2018-01-08.
[2]	LYU Tao, SONG Wenbin, DU Ke. Human Factors Analysis of Air Traffic Safety Based on HFACS-BN Model[EB/OL]. https://doi.org/10.3390/app9235049, 2019-11-22.
[3]	VISHNYAKOVA L V, OBUKHOV Y V. A Solution to the Problem of Assessing Aviation Safety by Simulation Modeling[J]. Journal of Computer and Systems Sciences International, 2018, 57(6):957-969. doi: 10.1134/S1064230718060126 URL
[4]	SAMPIGETHAYA K, POOVENDRAN R. Cyber-physical System Framework for Future Aircraft and Air Traffic Control [C]//IEEE. 2012 IEEE Aerospace Conference, March 3-10, 2012, Big Sky, MT, USA. New York: IEEE, 2012: 1-9.
[5]	BATUWANGALA E, RAMASAMY S, BOGODA L, et al. Safety and Security Considerations in the Certification of Next Generation Avionics and Air Traffic Management Systems[EB/OL]. https://search.informit.org/doi/10.3316/INFORMIT.739354743285311, 2017-02-26. , 2017-02-26.
[6]	LYKOU G, IAKOVAKIS G, GRITZALIS D. Aviation Cybersecurity and Cyber-resilience: Assessing Risk in Air Traffic Management[M]. New York: Springer, 2019.
[7]	AHTO B, OLGA G, ALEKSANDR L, et al. Attribute Evaluation on Attack Trees with Incomplete Information[EB/OL]. https://www.sciencedirect.com/science/article/pii/S0167404819301774, 2020-01-18.
[8]	LALLIE H S, DEBATTISTA K, BAL J. A Review of Attack Graph and Attack Tree Visual Syntax in Cyber Security[J]. Computer Science Review, 2020, 35(2):6-19.
[9]	ENOCH S Y, LEE J S, KIM D S. Novel Security Models, Metrics and Security Assessment for Maritime Vessel Networks[J]. Computer Networks, 2021, 189(4):16-34.
[10]	BELLOVIN S M. Attack Surfaces[J]. IEEE Security & Privacy, 2016, 14(3):88-97.
[11]	HOWARD M, PINCUS J, WING J M. Measuring Relative Attack Surfaces[M]. Heidelberg: Springer, 2005.
[12]	MANADHATA P K, WING J M. An Attack Surface Metric[J]. IEEE Transactions on Software Engineering, 2011, 37(3):371-386. doi: 10.1109/TSE.2010.60 URL
[13]	YOUNIS A A, MALAIYA Y K. Relationship between Attack Surface and Vulnerability Density: A Case Study on Apache HTTP Server[EB/OL]. https://www.researchgate.net/publication/304675945_Relationship_between_attack_surface_and_vulnerability_density_A_case_study_on_apachehttp_server, 2012-07-15.
[14]	YOUNIS A A, MALAIYA Y K, RAY I. Using Attack Surface Entry Points and Reachability Analysis to Assess the Risk of Software Vulnerability Exploitability[C]//IEEE. 15th International Symposium on High-assurance Systems Engineering, January 9-11, 2014, Miami Beach, FL, USA. New York: IEEE, 2014: 1-8.
[15]	XIONG Xinli, ZHAO Guangsheng, XU Weiguang, et al. System Attack Surface Based MTD Effectiveness Assessment Model[J]. Journal of Tsinghua University: Science & Technology, 2019, 59(4):276-283.
	熊鑫立, 赵光胜, 徐伟光, 等. 基于系统攻击面的动态目标防御有效性评估方法[J]. 清华大学学报:自然科学版, 2019, 59(4):276-283.
[16]	THEISEN C, HERZIG K, MURPHY B, et al. Risk-based Attack Surface Approximation: How Much Data is Enough? [C]//IEEE. 2017 IEEE/ACM 39th International Conference on Software Engineering: Software Engineering in Practice Track (ICSE-SEIP), May 20-28, 2017, Buenos Aires, Argentina. New York: IEEE, 2017: 273-282.
[17]	Information Work Office of the State Council. GB/T 28448-2019 Information Security Technology Network Security Level Protection Evaluation Requirements[S]. Beijing: Standards Press of China, 2019.
	国务院信息化工作办公室. GB/T28448-2019 信息安全技术网络安全等级保护测评要求[S]. 北京: 中国标准出版社, 2019.
[18]	ZHANG Mengyuan, WANG Lingyu, JAJODIA S. Network Attack Surface: Lifting the Concept of Attack Surface to the Network Level for Evaluating Networks’ Resilience Against Zero-day Attacks[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(1):310-324. doi: 10.1109/TDSC.8858 URL
[19]	RAMOS A, LAZAR M, HOLANDA F R, et al. Model-based Quantitative Network Security Metrics: A Survey[J]. IEEE Communications Surveys & Tutorials, 2017, 19(4):2704-2734.
[20]	KHOSRAVI-FARMAD M, GHAEMI-BAFGHI A. Bayesian Decision Network-based Security Risk Management Framework[J]. Journal of Network and Systems Management, 2020, 28(4):1794-1819. doi: 10.1007/s10922-020-09558-5 URL
[21]	MUÑOZ-GONZÁLEZ L, SGANDURRA D, BARRÈRE M, et al. Exact Inference Techniques for the Analysis of Bayesian Attack Graphs[J]. IEEE Transactions on Dependable and Secure Computing, 2017, 16(2):231-244. doi: 10.1109/TDSC.8858 URL
[22]	CHATZIPOULIDIS A, MICHALOPOULOS D, MAVRIDIS I. Information Infrastructure Risk Prediction through Platform Vulnerability Analysis[J]. Journal of Systems and Software, 2015, 106(7):28-41. doi: 10.1016/j.jss.2015.04.062 URL
[23]	THEISEN C, MUNAIAH N, AL-ZYOUD M, et al. Attack Surface Definitions: A Systematic Literature Review[J]. Information and Software Technology, 2018, 104(12):94-103. doi: 10.1016/j.infsof.2018.07.008 URL
[24]	MA Chunguang, WANG Chenghong, ZHANG Donghong, et al. A Dynamic Network Risk Assessment Model Based on Attacker’s Inclination[J]. Journal of Computer Research and Development, 2015, 52(9):2056-2068.
	马春光, 汪诚弘, 张东红, 等. 一种基于攻击意愿分析的网络风险动态评估模型[J]. 计算机研究与发展, 2015, 52(9):2056-2068.
[25]	YAMAGUCHI F, LINDNER F, RIECK K. Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities Using Machine Learning [C]//USENIX. Proceedings of the 5th USENIX Conference on Offensive Technologies, August 8-12, 2011, California West, USA. Berkeley: USENIX, 2011: 13-23.
[26]	KHAN M A, MAHMOOD S. A Graph Based Requirements Clustering Approach for Component Selection[J]. Advances in Engineering Software, 2012, 54(12):1-16. doi: 10.1016/j.advengsoft.2012.08.002 URL
[27]	ZHANG Su, ZHANG Xinwen, OU Xinming, et al. Assessing Attack Surface with Component-based Package Dependency[EB/OL]. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.706.430&rep=rep1&type=pdf, 2015-11-06.
[28]	WU Chensi, XIE Weiqiang, JI Yixiao, et al. Survey on Network System Security Metrics[J]. Journal on Communications, 2019, 40(6):14-31.
	吴晨思, 谢卫强, 姬逸潇, 等. 网络系统安全度量综述[J]. 通信学报, 2019, 40(6):14-31.
[29]	FREDERIC M, Thales Canada. Identifying Key Attack Surface Resources with Dynamic Analysis[R]. Ottawa: I.T. Security R&D Specialist for the Cyber Capability Development Centre(CCDC), 2268C. 001-REP-01-DA-TA1 Rev. 02, 2015.

攻击成本	度量	权值
SI	完整代码/功能代码/验证方法/无方法	0.25/0.43/0.67/1
SP	通用/特殊/特定	0.3/0.6/1
OR	工具/脚本/手动/团队	0.25/0.5/0.75/1
IR	不需要/常规信息/配置信息/关键信息	0/0.46/0.77/1

威胁等级	度量	权值
一级	信息泄露	0.15
二级	远程注册	0.25
三级	权限绕过	0.4
四级	有限访问	0.78
五级	完整权限	0.9

指标维度	指标	因素	度量	评分
基础	可利用性	AV	网络(N)/相邻(A)/ 本地(L)/物理(P)	0.85/0.62/0.55/0.2
		AC	低(L)/高(H)	0.77/0.44
		PR	无(N)/低(L)/高(H)	0.85/0.62/0.27
		UI	无(N)/需要(R)	0.85/0.62
	影响度	C、I、A	无(N)/低(L)/高(H)	0.00/0.22/0.56
	范围	S	不变(U)/变动(C)	—
环境	安全要求	CR、IR、AR	高(H)/中(M)/低(L)	1.5/1/0.5

设备	资源名称	攻击面
S	PRTG	<130.35, 3.12, 44.16>
F	McAfee	<96.18, 1.04, 92.96>
H1	Smaba	<157.70, 4.55, 82.16>
H2	Nginx	<27.52, 2.46, 28.31>
H3	Tomcat	<134.64, 3.12, 108.54>
H3	ProFTP	<84.53, 1.08, 94.38>
H4	MySQL	<71.72, 2.87, 67.68>

设备	资源名称	攻击面
S	PRTG	< 82.1205, 1.9656, 27.8208>
F	McAfee	< 55.7844, 0.6032, 53.9168>
H1	Smaba	< 118.275, 3.4125, 61.62>
H2	Nginx	< 18.4384, 1.6482, 18.9677>
H3	Tomcat	< 91.5552, 2.1216, 73.8072>
H3	ProFTP	< 47.3368, 0.6048, 52.8528>
H4	MySQL	< 35.1428, 1.4063, 33.1632>