Research On Model-based Network Security Risk Assessment

Risk assessment is an active security technology,which can make network information system more secure and robust.Taking so many security factors such as threatens,assets,vulnerabilities into account,and the risk assessment technology can help administrators take an active attitude to identify those potential threatens that their systems will be exposed to.Now it has become the fundamental work and the key link for the national information assurance framework.When we more and more rely on the world of Internet day by day,research on network information risk assessment has been one of research focus in the network security field.The research of this dissertation focuses on the quantitative methodologies of the network security assessment.This dissertation first analyzes the principle of the information risk assessment,and then discussed standards,methodologies,tools about the risk assessment.After presenting the taxonomy and the state of the art of the risk assessment methodologies,the dissertation analyzes the challenges which the research in this field is facing and points out the main reason for those challenges is the knowledge based traditional risk assessment methodologies can not adapt themselves to the network security risk assessment problem since there are always so many new risks in the rapid developing world of Internet.So the new technologies and methodologies should be developed according to the specific characters,the patterns behaviors of vulnerabilities and threatens in the network.So the dissertation gives the term"Model-based network security risk assessment"a more meaningful definition.The methodology called a model-based will use one network security analysis model to design the scenarios of threatens according to the patterns behaviors of vulnerabilities and threatens in the network,and then the risk assessment will be done under those scenarios.Following this new definition,the dissertation proposes a Component-centric Access Graph Based Network Security Risk Assessment Model(Oc-AG NSRAM).The main research of this dissertation focuses on this model and the main contributions of this dissertation are as follows. 1.Proposed a suitable component-centric access graph model to risk assessment.The component-centric access graph model can identify global vulnerabilities of a network due to analyzing the effects of interactions of the individual hosts'local vulnerabilities.Compared with related works,our approach improves the performance and further reduces the computational cost of the access graph generation algorithm according to the large network which is divided by many subnets,and then it can scale better to more practical,realistic size networks.2.Proposed a reliability-theory based algorithm for estimating the probability of event.The dissertation introduces the reliability theory to the algorithm for estimating the probability of event.The reliability theory is used to construct the function of the probability of the event using both the vulnerability'cost and the level-of-effort of the attacker.So the result is more precise and objective.3.Proposed a security-policy oriented algorithm for estimating the loss of asset due to the event.The dissertation introduces the security policies to the algorithm for estimating loss of asset due to event.The algorithm estimate the event's risk impact on the asset using the degree of the violation the police rules.So the result is more precise and objective.In addition,We also define a metamodel,or domain specific language,for risk assess model in the prototype implementation,user can model their network information system using this language,build risk assessment tools based on this language,and exchange their model with other systems.