\RequirePackage{setspace}
\documentclass{article}
\usepackage{boxedminipage}
\usepackage{graphicx} % Images
\graphicspath{ {./images/} }
\usepackage{subcaption} % Captions on subfigures
\usepackage{algorithm} % Math and Big Oh
\usepackage[noend]{algpseudocode}
\usepackage{ifpdf} % Detect PDF or DVI mode
\usepackage{babel} % Bibliography

\usepackage[utf8]{inputenc}
\usepackage{float}
\usepackage{indentfirst}
\setlength{\parskip}{\baselineskip}

% Table of Contents/Figure Spacing
\usepackage[titles]{tocloft}
\cftsetindents{figure}{0em}{3.5em}
\cftsetindents{table}{0em}{3.5em}

\title{CS 7863: Network Theory Final Project: Compliance Graph Analysis}
\author{Noah Schrick}
\date{May 3, 2022}

\begin{document}

\maketitle
\tableofcontents

\section{Introduction}
\subsection{Attack Graphs}
To address the rising risks of computing and threats to cybersecurity, experts employ vulnerability analysis modeling to identify weak points in a system or set of systems. One such modeling approach represents the system or set of systems as a graph, with system information encoded into the nodes and edges of the graph. This modeling approach was first utilized in the 1990s in a format called attack trees, as seen in the works of the authors of \cite{phillips_graph-based_1998} and \cite{schneier_modeling_1999}. These attack trees would later be expanded into attack graphs.

Attack graphs begin with a root node that contains all the current information of the system or set of systems. From this initial root state, all assets in the system are examined to see if any single modification can be made, where a modification is typically a change in system policy or security settings. If a modification can be made, an edge is drawn from the previous state to a new state that includes all of the previous state's information, but now reflects the change in the system. This edge is labeled to reflect which change was made to the system. This process is repeated exhaustively: all system properties are examined, all attack options are fully enumerated, all permutations are examined, and every change to a system is encoded into its own independent state, each of which is then analyzed in turn through the same process.

\subsection{Compliance Graphs}
Compliance graphs are an alternate form of attack graphs, utilized specifically for examining compliance and regulation statuses of systems. Like attack graphs, compliance graphs can also be used to determine all ways that systems may fall out of compliance or violate regulations. These graphs are notably useful for cyber-physical systems due to the increased need for compliance. As the authors of \cite{j_hale_compliance_nodate}, \cite{baloyi_guidelines_2019}, and \cite{allman_complying_2006} discuss, cyber-physical systems have seen greater usage, especially in areas such as critical infrastructure and the Internet of Things.

The semantics of compliance graphs are similar to those of attack graphs, but with a few differences regarding the information at each state. While security and compliance statuses are related, the information that is analyzed in compliance graphs is focused less on certain security properties, and is expanded to also examine administrative policies and properties of systems. Since compliance and regulation are broad and can vary by industry and application, the information to analyze can range from safety regulations to maintenance compliance to any other regulatory compliance. However, the graph structure of compliance graphs is identical to that of attack graphs, where edges represent a modification to the systems, and nodes represent all current information in the system.
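
The exhaustive generation process described for attack graphs, applied to a small compliance model, is sketched below as an added example that is not part of the original report or its tooling. The facts, rule names, and violation set are constructed for illustration, and representing a state as a set of facts is an assumption of this sketch.

```python
from collections import deque

# Constructed sample model (assumption, not from the report): each rule is
# (edge label, preconditions, facts added, facts removed).
RULES = [
    ("cert_expires", {"cert_valid"}, {"cert_expired"}, {"cert_valid"}),
    ("maintenance_lapses", {"maintenance_current"},
     {"maintenance_overdue"}, {"maintenance_current"}),
    ("audit_log_disabled", {"logging_on", "cert_expired"},
     {"logging_off"}, {"logging_on"}),
]
INITIAL = frozenset({"cert_valid", "maintenance_current", "logging_on"})
VIOLATIONS = {"cert_expired", "maintenance_overdue", "logging_off"}


def generate_graph(initial, rules):
    """Exhaustively expand states; return (states, labeled edges)."""
    states = {initial}
    edges = []                       # (source state, label, target state)
    frontier = deque([initial])
    while frontier:
        state = frontier.popleft()
        for label, pre, add, remove in rules:
            if not pre <= state:
                continue             # modification not possible in this state
            new_state = frozenset((state - remove) | add)
            if new_state == state:
                continue             # nothing changed, so no edge is drawn
            edges.append((state, label, new_state))
            if new_state not in states:
                states.add(new_state)        # each change is its own state
                frontier.append(new_state)   # and is analyzed in turn
    return states, edges


def noncompliant(states, violations):
    """States that hold at least one fact breaking a policy."""
    return {s for s in states if s & violations}


if __name__ == "__main__":
    states, edges = generate_graph(INITIAL, RULES)
    for src, label, dst in edges:
        print(sorted(src), f"--{label}-->", sorted(dst))
    bad = noncompliant(states, VIOLATIONS)
    print(len(bad), "of", len(states), "states violate policy")
```

Even with three rules the same state is reached along several orderings of the same changes, which is why states are deduplicated before being queued.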

\subsection{Difficulties of Compliance Graph Analysis}

\section{Related Works}

\section{Experimental Networks}

\section{Centralities}
\subsection{Introduction}
\subsection{Degree}
\subsection{Betweenness}
\subsection{Katz}
\subsection{K-Path Edge}
\subsection{Adapted Page Rank}

\section{Transitive Closure}
\subsection{Introduction}
\subsection{Application}

\section{Dominant Tree}
\subsection{Introduction}
\subsection{Application}

\section{Results and Result Analysis}

\section{Conclusions and Future Work}

\addcontentsline{toc}{section}{Bibliography}
\bibliography{Bibliography}
\bibliographystyle{ieeetr}

\end{document}