Cyber security in complex ICT systems
Information and Communication Technology (ICT) has become an integral part of business and life. At the same time these systems have become extremely complex, often hosting thousands of software applications, databases, operating systems, servers, processes, data, et cetera. In these complex system-of-systems there exist numerous vulnerabilities waiting to be exploited by potential threat actors. Examples include power grids being shut down, smart cars taken over, and financial institutions being hit by server side and denial of service attacks. Since the devil is in the details security practices have mainly been focusing on technical solutions to specific problems e.g. anti-malware tools, firewalls, and intrusion detection systems. However, due to the complexity of today’s system-of-systems there is an increasing need of understanding and managing security in a holistic perspective. An attacker only needs one weak link while the potential victim must secure the whole system. Thus, even the use of advanced solutions can become useless if you have forgotten an open port, have poorly configured firewall rules, or have an unpatched host. As a solution to this problem threat modeling and the use of attack graphs has been proposed.
We aim to build a tool set for cyber security analysis, attack simulations and risk management, that can automatically build models and analyze these.
In order to build the said tool set we need a language that supports attack graph modeling, a calculation engine that can probabilistically estimate attacks in large graphs, a graphical user interface to manipulate the models, statistics to feed the model with correct information, and technology to automatically collect data..
Associate Professor Robert Lagerström
Software Systems Architecture and Security, School of Electrical Engineering, KTH Royal Institute of Technology
Links and References
Visit www.kth.se/profile/robertl for more information