Harùspex: a Suite to Assess and Manage ICT Risk by Simulating Threat Agents

نویسندگان

  • Fabrizio Baiardi
  • Federico Tonelli
  • Daniela Pestonesi
  • Valentino Angeletti
چکیده

Haruspex is a suite that supports a scenario-based assessment. In each scenario, intelligent agents compose elementary attacks against an ICT system to reach some predefined goals. Some Haruspex tools build the models of the target system and of the agents of interest. Using these model, further tools apply a Monte Carlo method with multiple, independent simulations of the agent attacks and return a sample to compute statistics of interest. Other Haruspex tools use the statistics to produce some security stress curves that evaluate the system robustness and select countermeasures to improve it. After describing our approach and the tools, we detail the assessment of a turbo gas power generation plant.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Simulating Attack Plans Against ICT Infrastructures

Goal-oriented, rational threat agents attack a complex ICT infrastructure by composing elementary attacks against distinct components into an attack chain or attack plan. To compute statistics on the success probabilities of these plans, we have designed and implemented Haruspex, a tool that implements a Monte Carlo method by simulating the agent plans. A proper set of Haruspex experiments retu...

متن کامل

Producing Data to Assess and Manage ICT Risk by Simulating Threat Agents

Most de nitions of risk agree it is an increasing function of the probability of some events according to historical data on the occurrence of theses events. Hence, no data are available to assess the risk due to the adoption of a new technology or of a version of a system that introduces a large number of changes. As an example, since the events of interest to assess a smart meter widely di er...

متن کامل

Considering Application Vulnerabilities in Risk Assessment and Management

The Haruspex suite is an integrated set of tools that adopts a scenario approach to automate ICT risk assessment and management. Each scenario includes an ICT infrastructure under attack by some intelligent attackers with some predefined goals. An attacker can reach its goals only by sequentially composing the attacks. This is the only strategy to overcome the infrastructure complexity and its ...

متن کامل

Application Vulnerabilities in Risk Assessment and Management

The Haruspex suite is an integrated set of tools that adopts a scenario approach to automate ICT risk assessment and management. Each scenario includes an ICT infrastructure under attack by some intelligent attackers with some predefined goals. An attacker can reach its goals only by sequentially composing the attacks. This overcomes the infrastructure complexity and its large number of nodes. ...

متن کامل

Iterative selection of countermeasures for intelligent threat agents

We describe a model-based approach to select cost effective countermeasures for an information and communication technology infrastructure under attack by intelligent agents. Each agent tries to reach some predefined goals through a sequence of attacks. The proposed approach builds models of the infrastructure and of the agents and then it applies a Monte Carlo method that runs multiple, indepe...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2015