A decision model based security risk management approach

With increasing availability of computing system the enterprises are becoming increasing dependent on IT infrastructure and thus becoming vulnerable to threats. To assess the security of enterprise network, one must first understand how vulnerabilities can be combined for an attack Such an understanding becomes possible with recent advances in modeling the composition of vulnerabilities as attack graphs. An attack graph is a general formalism used to model security vulnerabilities of a system and all possible sequences of exploits which an intruder can use to achieve a specific goal. However, as the size and computational complexity of attack graphs greatly exceeds human ability to visualize, understand and analyze, a model is required to identify high probable paths of attack graphs that a potential attacker may follow. One method for handling attack graph complexity and scalability is to differentiate between likely and unlikely attack paths using threat modeling. Threat modeling is used during risk assessment to describe likely and unlikely adversary behavior, and so can be used for the same purpose during attack graph analysis and attack path identification out of it. The proposed approach uses a decision theoretic model to identify the most probable attack path using threat modeling.