\RequirePackage{setspace}
\documentclass{article}

\usepackage{boxedminipage}
\usepackage{graphicx} % Images
\graphicspath{ {./images/} }
\usepackage{subcaption} % Captions on subfigures
\usepackage{algorithm} % Algorithm floats
\usepackage[noend]{algpseudocode} % Pseudocode listings
\usepackage{ifpdf} % Detect PDF or DVI mode
\usepackage{babel} % Language and hyphenation support
\usepackage[utf8]{inputenc}
\usepackage{float}
\usepackage{indentfirst}
\setlength{\parskip}{\baselineskip}

% Table of Contents/Figure Spacing
\usepackage[titles]{tocloft}
\cftsetindents{figure}{0em}{3.5em}
\cftsetindents{table}{0em}{3.5em}

\title{CS 7863: Network Theory Final Project: Compliance Graph Analysis}
\author{Noah Schrick}
\date{May 3, 2022}

\begin{document}

\maketitle
\tableofcontents

\section{Introduction}

\subsection{Attack Graphs}

Vulnerability analysis modeling is a technique used to identify weak points in a system or set of systems. One such approach represents the system or set of systems as a graph, with system information encoded in the nodes and edges. Graph-based vulnerability modeling of this kind dates to the late 1990s, in the graph-based network vulnerability analysis of \cite{phillips_graph-based_1998} and the attack trees of \cite{schneier_modeling_1999}; attack trees were later expanded into attack graphs.

An attack graph begins with a root node that holds all current information about the system or set of systems. From this initial state, every asset is examined to determine whether any single modification can be made, where a modification is typically a change to a system policy or security setting. If one can, an edge is drawn from the current state to a new state that carries all of the previous state's information with that one change applied, and the edge is labeled with the change that was made. The process is repeated exhaustively: every system property is examined, every attack option is enumerated, every ordering of changes is explored, and each resulting system configuration is encoded as its own state, which is then analyzed in turn.

\subsection{Compliance Graphs}

Compliance graphs are a variant of attack graphs used specifically to examine the compliance and regulatory status of systems. Like attack graphs, they can be used to enumerate every way in which a system may fall out of compliance or violate a regulation. They are especially useful for cyber-physical systems, where the need for compliance is greater. As the authors of \cite{j_hale_compliance_nodate}, \cite{baloyi_guidelines_2019}, and \cite{allman_complying_2006} discuss, cyber-physical systems have seen growing use, particularly in critical infrastructure and the Internet of Things.

The semantics of compliance graphs are similar to those of attack graphs, with a few differences in the information held at each state. Although security and compliance status are related, the information analyzed in a compliance graph is less focused on specific security properties and is broadened to include administrative policies and other properties of the systems. Because compliance and regulation are broad and vary by industry and application, the properties analyzed can range from safety regulations to maintenance schedules to any other regulatory requirement. The graph structure, however, is identical to that of an attack graph: edges represent a modification to the systems, and nodes represent all current information about the systems.
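
The construction described in the two subsections above, as an added example that is not code from the original report: a small Python generator that enumerates every state reachable from a root state by applying each applicable single modification, merges identical states into one node (the usual attack-graph convention, assumed here), labels each edge with the modification, and flags the states that violate a compliance predicate. The rule set is a constructed miniature of the PCI DSS style properties used for the third experimental network later in the report (firewall disabled, default settings restored, certificate expiry) with a two-step time axis; every property and rule name is an assumption made for illustration.

```python
"""Exhaustive state-space enumeration for a compliance graph.

Added example; this is not code from the original report. The rule set is
a constructed miniature of PCI DSS style properties (firewall, default
settings, certificate validity) with a two-step time axis, and every
property and rule name below is an assumption made for illustration.
"""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# A state is an immutable, hashable snapshot of every tracked system property.
State = Tuple[Tuple[str, object], ...]


def make_state(**props) -> State:
    return tuple(sorted(props.items()))


def as_dict(state: State) -> Dict[str, object]:
    return dict(state)


@dataclass(frozen=True)
class Rule:
    """A single modification: allowed when `guard` holds, producing a new state."""
    name: str
    guard: Callable[[Dict[str, object]], bool]
    apply: Callable[[Dict[str, object]], Dict[str, object]]


def generate_graph(root: State, rules: List[Rule]):
    """Breadth-first exhaustive enumeration. Every applicable rule is tried on
    every discovered state; identical states are merged into one node, and
    each edge carries the name of the modification that produced it."""
    nodes: Set[State] = {root}
    edges: List[Tuple[State, str, State]] = []
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        props = as_dict(cur)
        for rule in rules:
            if not rule.guard(props):
                continue
            nxt = make_state(**rule.apply(dict(props)))
            if nxt == cur:  # a modification that changes nothing creates no edge
                continue
            edges.append((cur, rule.name, nxt))
            if nxt not in nodes:
                nodes.add(nxt)
                queue.append(nxt)
    return nodes, edges


def is_dag(nodes: Set[State], edges) -> bool:
    """Kahn's algorithm: the graph is acyclic iff every node can be removed."""
    indeg = {n: 0 for n in nodes}
    succ = {n: [] for n in nodes}
    for src, _, dst in edges:
        indeg[dst] += 1
        succ[src].append(dst)
    ready = [n for n in nodes if indeg[n] == 0]
    removed = 0
    while ready:
        n = ready.pop()
        removed += 1
        for m in succ[n]:
            indeg[m] -= 1
            if indeg[m] == 0:
                ready.append(m)
    return removed == len(nodes)


def demo_rules() -> List[Rule]:
    # Each rule either advances time or moves one property out of compliance,
    # so no state is ever revisited and the generated graph is acyclic.
    return [
        Rule("advance_month", lambda p: p["month"] < 2,
             lambda p: {**p, "month": p["month"] + 1}),
        Rule("disable_firewall", lambda p: p["firewall_on"],
             lambda p: {**p, "firewall_on": False}),
        Rule("revert_to_defaults", lambda p: p["defaults_changed"],
             lambda p: {**p, "defaults_changed": False}),
        # A certificate can only lapse once at least one month has passed.
        Rule("certificate_expires", lambda p: p["cert_valid"] and p["month"] >= 1,
             lambda p: {**p, "cert_valid": False}),
    ]


def is_compliant(props: Dict[str, object]) -> bool:
    return bool(props["firewall_on"] and props["defaults_changed"] and props["cert_valid"])


def demo() -> Dict[str, object]:
    root = make_state(month=0, firewall_on=True, defaults_changed=True, cert_valid=True)
    nodes, edges = generate_graph(root, demo_rules())
    violating = {s for s in nodes if not is_compliant(as_dict(s))}
    # Single modifications from the root that land directly in a violating state.
    first = sorted({label for src, label, dst in edges if src == root and dst in violating})
    return {"nodes": len(nodes), "edges": len(edges), "violating": len(violating),
            "acyclic": is_dag(nodes, edges), "first_violations": first}


if __name__ == "__main__":
    print(demo())
```

Every rule either advances the month or flips one property from compliant to non-compliant, so no state can be revisited and the generated graph is a directed acyclic graph, which `is_dag` verifies with Kahn's algorithm. On the constructed rule set this yields 20 states and 40 labeled edges, 17 of the states violating; from the root, the only single modifications that land directly in a violating state are disabling the firewall and reverting to defaults, because the certificate cannot expire before the first month has elapsed.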

\subsection{Difficulties of Compliance Graph Analysis}

Analysis of directed graphs is not as simple as that of their undirected counterparts, and attack and compliance graphs are directed acyclic graphs. The main source of the added difficulty is the asymmetric adjacency matrix of a directed graph. With undirected graphs, simplifications can be made both computationally and conceptually: since the adjacency matrix is symmetric and every node's in-degree equals its out-degree, less work is required both to parse the adjacency matrix and to determine the importance of nodes. As the author of \cite{Mieghem2018DirectedGA} discusses, the difficulty extends to the graph Laplacian, which is not uniquely defined for an asymmetric adjacency matrix: it can be built so that either its row sums or its column sums are zero, but not both. The same author notes that directed graphs give rise to complex eigenvalues and can produce adjacency matrices that cannot be diagonalized. These challenges require different approaches to the usual clustering and centrality measures.
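
An added illustration, not from the original report, of the three difficulties just described, on a constructed five-state DAG standing in for a compliance graph and a constructed three-node directed cycle for contrast. It shows that the two directed Laplacians are different matrices (one with zero row sums, one with zero column sums); that the adjacency matrix of a DAG is nilpotent, so all of its eigenvalues are zero and, unless it is the zero matrix, it cannot be diagonalized, which is why eigenvector-style centrality has nothing to work with here; and that an attenuated walk count such as Katz centrality, one of the measures cited in the related works, stays well defined because its power series terminates on a DAG. The edge lists and the `direction` argument of `katz()` are assumptions made for this example.

```python
"""Why spectral methods misbehave on attack and compliance graphs.

Added example; not code from the original report. The two edge lists are
constructed: a five-state DAG standing in for a compliance graph, and a
three-node directed cycle for contrast. The `direction` argument of katz()
is an assumption made to expose both the out-walk and the classic in-walk
form of the score.
"""
from typing import List, Optional, Tuple

Matrix = List[List[float]]

DAG_EDGES = [(0, 1), (0, 2), (1, 3), (2, 3), (3, 4)]  # constructed toy compliance graph
CYCLE_EDGES = [(0, 1), (1, 2), (2, 0)]                # constructed non-DAG for contrast


def adjacency(n: int, edges) -> Matrix:
    """A[i][j] = 1 for an edge i -> j: row = source state, column = successor."""
    A = [[0.0] * n for _ in range(n)]
    for u, v in edges:
        A[u][v] = 1.0
    return A


def matmul(X: Matrix, Y: Matrix) -> Matrix:
    n = len(X)
    return [[sum(X[i][k] * Y[k][j] for k in range(n)) for j in range(n)] for i in range(n)]


def row_sums(M: Matrix) -> List[float]:
    return [sum(r) for r in M]


def col_sums(M: Matrix) -> List[float]:
    return [sum(M[i][j] for i in range(len(M))) for j in range(len(M))]


def is_zero(M: Matrix) -> bool:
    return all(abs(x) < 1e-12 for row in M for x in row)


def nilpotency_index(A: Matrix) -> Optional[int]:
    """Smallest k with A^k = 0, or None if A is not nilpotent. A nilpotent
    n x n matrix always satisfies A^n = 0, so n powers suffice to decide.
    A DAG's adjacency matrix is nilpotent (in topological order it is
    strictly upper triangular): every eigenvalue is 0, and a nonzero
    nilpotent matrix is never diagonalizable."""
    P = A
    for k in range(1, len(A) + 1):
        if is_zero(P):
            return k
        P = matmul(P, A)
    return None


def laplacians(A: Matrix) -> Tuple[Matrix, Matrix]:
    """Out-degree Laplacian D_out - A (rows sum to 0) and in-degree Laplacian
    D_in - A (columns sum to 0). For a symmetric A the two coincide; for a
    directed graph they are different matrices, which is the ambiguity the
    text refers to."""
    n = len(A)
    d_out, d_in = row_sums(A), col_sums(A)
    L_out = [[(d_out[i] if i == j else 0.0) - A[i][j] for j in range(n)] for i in range(n)]
    L_in = [[(d_in[i] if i == j else 0.0) - A[i][j] for j in range(n)] for i in range(n)]
    return L_out, L_in


def katz(A: Matrix, alpha: float, direction: str = "out", max_k: int = 1000) -> List[float]:
    """Katz score: sum over k >= 1 of alpha^k times the number of length-k walks.
    direction="out" counts walks leaving each node (row sums of A^k), the
    'how many states does this one lead to' reading that matters for a
    compliance graph; "in" counts walks arriving (column sums), the classic
    form. On a DAG the series terminates once A^k = 0. On a graph with
    cycles it converges only when alpha < 1/(spectral radius), so max_k caps
    the partial sum instead of looping forever."""
    score = [0.0] * len(A)
    P, weight = A, alpha
    for _ in range(max_k):
        if is_zero(P):
            break
        contrib = row_sums(P) if direction == "out" else col_sums(P)
        score = [s + weight * c for s, c in zip(score, contrib)]
        P = matmul(P, A)
        weight *= alpha
    return score


def demo() -> dict:
    A = adjacency(5, DAG_EDGES)
    C = adjacency(3, CYCLE_EDGES)
    L_out, L_in = laplacians(A)
    return {
        "dag_nilpotency_index": nilpotency_index(A),    # longest path has 3 edges
        "cycle_nilpotency_index": nilpotency_index(C),  # C^3 = I, never zero
        "laplacians_differ": L_out != L_in,
        "out_laplacian_rows_zero": is_zero([row_sums(L_out)]),
        "in_laplacian_cols_zero": is_zero([col_sums(L_in)]),
        "katz_out": katz(A, 0.5, "out"),
        "katz_in": katz(A, 0.5, "in"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

For the constructed DAG, $A^4 = 0$ while $A^3$ still counts the two length-three paths from state 0 to state 4, so the nilpotency index is 4; the directed three-cycle never reaches zero because $C^3 = I$, and its eigenvalues are the cube roots of unity, two of which are complex. With $\alpha = 0.5$ the out-walk Katz scores are $[1.75, 0.75, 0.75, 0.5, 0]$ and the in-walk scores are $[0, 0.5, 0.5, 1.5, 1.25]$, ranking state 0 highest in the first reading and state 3, the state that two different paths reach, highest in the second.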

\section{Related Works}

The author of \cite{ming_diss} presents three centrality measures applied to various attack graphs: Katz, K-path edge, and adapted PageRank. Each applies to the directed structure of attack graphs, and from them conclusions can be drawn about patching schemes for preventing exploits. To avoid complex eigenvalues, the authors of \cite{Guo2017HermitianAM} examine directed, undirected, and mixed graphs through their Hermitian adjacency matrix. Other work, such as that discussed by the author of \cite{Mieghem2018DirectedGA}, manipulates the spectra of directed graphs (originally presented by the author of \cite{Brualdi2010SpectraOD}) with Schur's theorem to bound the eigenvalues and allow explicit computation, which can then feed further analysis metrics.

\section{Experimental Networks}

The work described here uses three compliance graphs, whose properties are listed in Table \ref{table:networks}. Connectivity in this table is the mean degree divided by the number of nodes, multiplied by 100 to express it as a percentage. Here mean degree is the number of edges divided by the number of nodes (the mean out-degree of a directed graph), so connectivity equals $100\,m/n^2$ for $m$ edges and $n$ nodes, as the table values confirm.

Network 1 is a vehicle maintenance network. It has a single car asset that is ``brand new'' with no mileage. The network is examined at its current state and then progressed through time in steps of one month, up to twelve months. At each time step the car gains mileage and its age property increases, and it is re-examined against its regulatory vehicle maintenance schedule.

Network 2 is an artificial company network attempting to maintain HIPAA compliance \cite{noauthor_health_1996}. It examines the company's standing with respect to the security properties HIPAA requires, as well as employee cooperation with training and administrative policies. This network is also progressed through time to show the company's standing with respect to the yearly audits and trainings that must be completed, and employees are added to and removed from the network at set points during the time progression.

Network 3 is another artificial company network, this one attempting to maintain PCI DSS compliance \cite{PCI}. Its generation was static and did not progress through time: the company was examined in its current state, and every change that could occur was enumerated. These changes were mainly tied to security properties such as physical break-ins on the property, firewalls being disabled, systems left at default settings, and encryption expiration.

\begin{table}[ht]
\centering
\begin{tabular}{|c|c|c|c|}
\hline
\textbf{Network} & \textbf{Nodes} & \textbf{Edges} & \textbf{Connectivity (\%)} \\ \hline
Car & 2491 & 12968 & 0.209 \\ \hline
HIPAA & 2321 & 8063 & 0.150 \\ \hline
PCI DSS & 61 & 163 & 4.381 \\ \hline
\end{tabular}
\caption{Network Properties for the Three Networks Utilized}
\label{table:networks}
\end{table}

\section{Centralities}

\subsection{Introduction}

The author of \cite{PMID:30064421} surveys centrality measures and how they have been developed to determine node importance in networks. Determining which nodes are important supports various conclusions about a network. For compliance graphs, these conclusions concern the prioritization of patches or corrective actions: if one state is known to lead to many other states, correcting it is imperative, since doing so removes further opportunities for compliance violation. This work discusses five centrality measures and their application to compliance graphs.

\subsection{Degree}

Degree centrality is a simple, local measure of node importance based on the number of edges incident to a node. In an undirected graph it depends only on that count. In a directed graph a distinction is drawn between in-degree centrality, based on the number of edges entering a node, and out-degree centrality, based on the number of edges leaving it. Both are useful for compliance graphs. A node with many outgoing edges may be prioritized because it opens further room for violation; a node with many incoming edges may be prioritized because more paths lead into it, so a system is more likely to enter that state.
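
Both readings of degree centrality, together with the connectivity figure defined in the Experimental Networks section, as an added example that is not code from the original report. The edge list is a constructed toy compliance graph (an assumption) in which each edge is labeled with the modification that takes one state to the next.

```python
"""In- and out-degree centrality on a compliance graph, plus the
connectivity figure used in the network properties table.

Added example; not code from the original report. The edge list is a
constructed toy compliance graph (assumption) whose edge labels are the
modification that moves one state to the next.
"""
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

Edge = Tuple[str, str, str]  # (source state, modification label, target state)

# Constructed sample: three single modifications from the root, two pairwise
# combinations, and a final state that two different orderings reach.
SAMPLE_EDGES: List[Edge] = [
    ("root", "disable_firewall", "fw_off"),
    ("root", "revert_defaults", "defaults"),
    ("root", "cert_expires", "cert_exp"),
    ("fw_off", "revert_defaults", "fw_off+defaults"),
    ("defaults", "disable_firewall", "fw_off+defaults"),
    ("fw_off", "cert_expires", "fw_off+cert_exp"),
    ("cert_exp", "disable_firewall", "fw_off+cert_exp"),
    ("fw_off+defaults", "cert_expires", "all_three"),
    ("fw_off+cert_exp", "revert_defaults", "all_three"),
]


def degrees(edges: Iterable[Edge]) -> Tuple[Set[str], Dict[str, int], Dict[str, int]]:
    """Return the node set with out-degree and in-degree for every node,
    including nodes whose count is zero (the root has in-degree 0)."""
    nodes: Set[str] = set()
    out_deg: Counter = Counter()
    in_deg: Counter = Counter()
    for src, _, dst in edges:
        nodes.update((src, dst))
        out_deg[src] += 1
        in_deg[dst] += 1
    return nodes, {n: out_deg[n] for n in nodes}, {n: in_deg[n] for n in nodes}


def rank(deg: Dict[str, int], top: int = 3) -> List[Tuple[str, int]]:
    """Highest degree first; ties broken by name so the order is deterministic."""
    return sorted(deg.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


def prioritize(edges: Iterable[Edge]) -> Dict[str, List[Tuple[str, int]]]:
    """Out-degree: states that open the most further room for violation.
    In-degree: states a system is most likely to enter, because many
    different modification paths lead into them."""
    _, out_deg, in_deg = degrees(edges)
    return {"opens_most_violations": rank(out_deg), "most_reachable": rank(in_deg)}


def connectivity_percent(n_nodes: int, n_edges: int) -> float:
    """Connectivity as the report defines it: mean degree divided by the node
    count, times 100. Mean degree here is edges/nodes (the mean out-degree of
    a directed graph), so the value is 100 * m / n^2."""
    return round(100.0 * n_edges / n_nodes / n_nodes, 3)


if __name__ == "__main__":
    print(prioritize(SAMPLE_EDGES))
    for name, n, m in (("Car", 2491, 12968), ("HIPAA", 2321, 8063), ("PCI DSS", 61, 163)):
        print(name, connectivity_percent(n, m))
```

On the constructed graph the root has the largest out-degree (three modifications start there, each opening a branch of violations), while the three states reached by two different orderings share the largest in-degree. `connectivity_percent` reproduces the three table values from the node and edge counts alone, which is the check confirming that the report's mean degree is the number of edges divided by the number of nodes.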

\subsection{Betweenness}

\subsection{Katz}

\subsection{K-Path Edge}

\subsection{Adapted PageRank}

\section{Transitive Closure}

\subsection{Introduction}

\subsection{Application}

\section{Dominant Tree}

\subsection{Introduction}

\subsection{Application}

\section{Results and Result Analysis}

\section{Conclusions and Future Work}

\clearpage

\addcontentsline{toc}{section}{Bibliography}
\bibliographystyle{ieeetr}
\bibliography{Bibliography}

\end{document}