Considering Application Vulnerabilities in Risk Assessment and Management

The Haruspex suite is an integrated set of tools that adopts a scenario approach to automate ICT risk assessment and management. Each scenario includes an ICT infrastructure under attack by some intelligent attackers with some predefined goals. An attacker can reach its goals only by sequentially composing the attacks. This is the only strategy to overcome the infrastructure complexity and its large number of nodes. The suite applies a Monte Carlo method with multiple simulations of the attacker behavior to discover the sequences of each attacker. This simulation exploits a formal model of the target infrastructure that describes the infrastructure nodes, the vulnerabilities of the components these nodes run, and the logical topology. The multiple simulations of the Monte Carlo method support the discovering of alternative sequences and return a statistical sample of these sequences. This sample supports the computation of statistics to assess and manage the risk. This paper proposes an extension to the original model of the infrastructure to describe in a more accurate way how the implementation hierarchy and the interactions affect the attacks. After describing this extension, we show how it supports the modeling of web applications. In the end, we adopt the new model to assess a critical infrastructure that supervises and manages gas distribution.