noah/Synchronous_Firing
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding existing work

Browse Source
This commit is contained in:
Noah L. Schrick 2022-09-27 22:32:31 -05:00
commit 6abaac6a1d
21 changed files with 2707 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
Bibliography.bib Normal file
View File

@ -0,0 +1,138 @@
@article{schneier_modeling_1999,
title = {Modeling {Security} {Threats}},
url = {https://www.schneier.com/academic/archives/1999/12/attack_trees.html},
author = {Schneier, Bruce},
year = {1999},
journal = {Dr. Dobb's Journal},
note = {vol. 24, no.12}
}
@article{phillips_graph-based_1998,
title = {A graph-based system for network-vulnerability analysis},
volume = {Part F1292},
issn = {1581131682},
doi = {10.1145/310889.310919},
abstract = {This paper presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The graph-based tool can identify the set of attack paths that have a high probability of success (or a low "effort" cost) for the attacker. The system could be used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is "matched" with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.},
journal = {Proceedings New Security Paradigms Workshop},
author = {Phillips, Cynthia and Swiler, Laura Painton},
note = {doi: 10.1145/310889.310919},
year = {1998},
keywords = {Attack graph, Computer security, Network vulnerability},
pages = {71--79},
file = {310889.310919:/home/noah/Zotero/storage/JMW5DI72/310889.310919.pdf:application/pdf},
}
@article{ou_scalable_2006,
title = {A {Scalable} {Approach} to {Attack} {Graph} {Generation}},
issn = {1595935185},
author = {Ou, Xinming and Boyer, Wayne F and Mcqueen, Miles A},
year = {2006},
journal = {CCS '06: Proceedings of the 13th ACM conference on Computer and communications security},
keywords = {attack graphs, enterprise network security, logic-programming},
pages = {336--345},
file = {1180405.1180446:/home/noah/Zotero/storage/TJKHVC4R/1180405.1180446.pdf:application/pdf},
}
@misc{j_hale_compliance_nodate,
title = {Compliance {Method} for a {Cyber}-{Physical} {System}},
author = {{J. Hale} and Hawrylak, P. and Papa, M.},
note = {U.S. Patent Number 9,471,789, Oct. 18, 2016.},
number = {9471789},
file = {Complaince_Graph_US_Patent_9471789:/home/noah/Zotero/storage/55BZN4U7/Complaince_Graph_US_Patent_9471789.pdf:application/pdf},
}
@inproceedings{baloyi_guidelines_2019,
address = {Skukuza South Africa},
title = {Guidelines for {Data} {Privacy} {Compliance}: {A} {Focus} on {Cyberphysical} {Systems} and {Internet} of {Things}},
doi = {10.1145/3351108.3351143},
booktitle = {{SAICSIT} '19: {Proceedings} of the {South} {African} {Institute} of {Computer} {Scientists} and {Information} {Technologists} 2019},
publisher = {Association for Computing Machinery},
author = {Baloyi, Ntsako and Kotzé, Paula},
year = {2019},
}
@article{allman_complying_2006,
title = {Complying with {Compliance}: {Blowing} it off is not an option.},
volume = {4},
number = {7},
journal = {ACM Queue},
author = {Allman, Eric},
year = {2006},
}
@article{sheyner_automated_2002,
title = {Automated {Generation} and {Analysis} of {Attack} {Graphs}},
issn = {9781787284395},
journal = {Proceeding of 2002 IEEE Symposium on Security and Privacy},
author = {Sheyner, O. and Haines, J. and Jha, S. and Lippmann, R.. and Wing, J.},
year = {2002},
pages = {254--265},
file = {sheyner-wing02:/home/noah/Zotero/storage/BV6NHT6L/sheyner-wing02.pdf:application/pdf},
}
@article{zhang_boosting_2017,
title = {Boosting the performance of {FPGA}-based graph processor using hybrid memory cube: {A} case for breadth first search},
issn = {9781450343541},
doi = {10.1145/3020078.3021737},
abstract = {Large graph processing has gained great attention in recent years due to its broad applicability from machine learning to social science. Large real-world graphs, however, are inherently difficult to process efficiently, not only due to their large memory footprint, but also that most graph algorithms entail memory access patterns with poor locality and a low compute-to-memory access ratio. In this work, we leverage the exceptional random access performance of emerging Hybrid Memory Cube (HMC) technology that stacks multiple DRAM dies on top of a logic layer, combined with the flexibility and efficiency of FPGA to address these challenges. To our best knowledge, this is the first work that implements a graph processing system on a FPGA-HMC platform based on software/hardware co-design and co-optimization. We first present the modifications of algorithm and a platform-aware graph processing architecture to perform level-synchronized breadth first search (BFS) on FPGA-HMC platform. To gain better insights into the potential bottlenecks of proposed implementation, we develop an analytical performance model to quantitatively evaluate the HMC access latency and corresponding BFS performance. Based on the analysis, we propose a two-level bitmap scheme to further reduce memory access and perform optimization on key design parameters (e.g. memory access granularity). Finally, we evaluate the performance of our BFS implementation using the AC-510 development kit from Micron. We achieved 166 million edges traversed per second (MTEPS) using GRAPH500 benchmark on a random graph with a scale of 25 and an edge factor of 16, which significantly outperforms CPU and other FPGA-based large graph processors.},
journal = {FPGA 2017 - Proceedings of the 2017 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays},
author = {Zhang, Jialiang and Khoram, Soroosh and Li, Jing},
year = {2017},
pages = {207--216},
file = {Boosting the Performance of FPGA-based Graph Processor using Hybrdi Memory Cube:/home/noah/Zotero/storage/CDKPUXYF/Boosting the Performance of FPGA-based Graph Processor using Hybrdi Memory Cube.pdf:application/pdf},
}
@inproceedings{Monotonicity,
author = {Ammann, Paul and Wijesekera, Duminda and Kaushik, Saket},
title = {Scalable, Graph-Based Network Vulnerability Analysis},
year = {2002},
isbn = {1581136129},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/586110.586140},
doi = {10.1145/586110.586140},
abstract = {Even well administered networks are vulnerable to attack. Recent work in network security has focused on the fact that combinations of exploits are the typical means by which an attacker breaks into a network. Researchers have proposed a variety of graph-based algorithms to generate attack trees (or graphs). Either structure represents all possible sequences of exploits, where any given exploit can take advantage of the penetration achieved by prior exploits in its chain, and the final exploit in the chain achieves the attacker's goal. The most recent approach in this line of work uses a modified version of the model checker NuSMV as a powerful inference engine for chaining together network exploits, compactly representing attack graphs, and identifying minimal sets of exploits. However, it is also well known that model checkers suffer from scalability problems, and there is good reason to doubt whether a model checker can handle directly a realistic set of exploits for even a modest-sized network. In this paper, we revisit the idea of attack graphs themselves, and argue that they represent more information explicitly than is necessary for the analyst. Instead, we propose a more compact and scalable representation. Although we show that it is possible to produce attack trees from our representation, we argue that more useful information can be produced, for larger networks, while bypassing the attack tree step. Our approach relies on an explicit assumption of monotonicity, which, in essence, states that the precondition of a given exploit is never invalidated by the successful application of another exploit. In other words, the attacker never needs to backtrack. The assumption reduces the complexity of the analysis problem from exponential to polynomial, thereby bringing even very large networks within reach of analysis},
booktitle = {Proceedings of the 9th ACM Conference on Computer and Communications Security},
pages = {217224},
numpages = {8},
keywords = {network security, scalability, model checking, monotonic analysis, exploit, vulnerability},
location = {Washington, DC, USA},
series = {CCS '02}
}
@inbook{TVA,
author = {Jajodia, Sushil and Noel, Steven},
year = {2010},
month = {09},
pages = {139-154},
title = {Topological Vulnerability Analysis},
volume = {46},
isbn = {978-1-4419-0139-2},
journal = {Cyber Situational Awareness, Advances in Information Security, Volume 46. ISBN 978-1-4419-0139-2. Springer-Verlag US, 2010, p. 139},
doi = {10.1007/978-1-4419-0140-8_7}
}
@phdthesis{louthan_hybrid_2011,
title = {Hybrid {Attack} {Graphs} for {Modeling} {Cyber}-{Physical} {Systems}},
author = {Louthan, G},
school = {The {University} of {Tulsa}},
year = {2011},
keywords = {icle},
file = {louthan_thesis:/home/noah/Zotero/storage/5SBCLYA3/louthan_thesis.pdf:application/pdf},
}
@phdthesis{cook_rage_2018,
title = {{RAGE}: {The} {Rage} {Attack} {Graph} {Engine}},
author = {Cook, Kyle},
school = {The {University} of {Tulsa}},
year = {2018},
file = {Kyle Cook Thesis:/home/noah/Zotero/storage/2SR28HM2/Kyle Cook Thesis.pdf:application/pdf},
}
@phdthesis{nichols_2018,
title = {{Hybrid} {Attack} {Graphs} for {Use} with a {Simulation} of a {Cyber-Physical} {System}},
author = {Nichols, Will M.},
school = {The {University} of {Tulsa}},
year = {2018},
file = {Will_Nichols_Thesis_FINAL_VER:/home/noah/Zotero/storage/8AXSZXJN/Will_Nichols_Thesis_FINAL_VER.pdf:application/pdf},
}

96
Schrick-Noah_AG-CG-SyncFire.aux Normal file
View File

@ -0,0 +1,96 @@
\relax
\providecommand\hyper@newdestlabel[2]{}
\providecommand\babel@aux[2]{}
\@nameuse{bbl@beforestart}
\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
\global\let\oldcontentsline\contentsline
\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
\global\let\oldnewlabel\newlabel
\gdef\newlabel#1#2{\newlabelxx{#1}#2}
\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
\AtEndDocument{\ifx\hyper@anchor\@undefined
\let\contentsline\oldcontentsline
\let\newlabel\oldnewlabel
\fi}
\fi}
\global\let\hyper@last\relax
\gdef\HyperFirstAtBeginDocument#1{#1}
\providecommand\HyField@AuxAddToFields[1]{}
\providecommand\HyField@AuxAddToCoFields[2]{}
\citation{phillips_graph-based_1998}
\citation{schneier_modeling_1999}
\citation{ou_scalable_2006}
\citation{j_hale_compliance_nodate}
\citation{baloyi_guidelines_2019}
\citation{allman_complying_2006}
\citation{sheyner_automated_2002}
\citation{ou_scalable_2006}
\citation{zhang_boosting_2017}
\babel@aux{nil}{}
\@writefile{toc}{\contentsline {section}{\numberline {I}Introduction}{1}{section.1}\protected@file@percent }
\citation{Monotonicity}
\citation{TVA}
\citation{ou_scalable_2006}
\citation{louthan_hybrid_2011}
\citation{louthan_hybrid_2011}
\citation{louthan_hybrid_2011}
\citation{louthan_hybrid_2011}
\citation{louthan_hybrid_2011}
\citation{cook_rage_2018}
\@writefile{toc}{\contentsline {section}{\numberline {II}Related Work}{2}{section.2}\protected@file@percent }
\newlabel{sec:sync-lit}{{II}{2}{Related Work}{section.2}{}}
\@writefile{toc}{\contentsline {section}{\numberline {III}Inseparable Features}{2}{section.3}\protected@file@percent }
\newlabel{sec:inseparable}{{III}{2}{Inseparable Features}{section.3}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces A network without Synchronous Firing generating infeasible states}}{2}{figure.1}\protected@file@percent }
\newlabel{fig:non-sync_ex}{{1}{2}{A network without Synchronous Firing generating infeasible states}{figure.1}{}}
\citation{cook_rage_2018}
\citation{louthan_hybrid_2011}
\citation{nichols_2018}
\citation{cook_rage_2018}
\@writefile{toc}{\contentsline {section}{\numberline {IV}Implementing Synchronous Firing}{3}{section.4}\protected@file@percent }
\newlabel{sec:implementing}{{IV}{3}{Implementing Synchronous Firing}{section.4}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-A}}Base Generator Description}{3}{subsection.4.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-B}}GNU Bison and Flex}{3}{subsection.4.2}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces Inclusion of Synchronous Firing into GNU Bison, GNU Flex, and the overall program}}{3}{figure.2}\protected@file@percent }
\newlabel{fig:bison-flex}{{2}{3}{Inclusion of Synchronous Firing into GNU Bison, GNU Flex, and the overall program}{figure.2}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-C}}PostgreSQL}{3}{subsection.4.3}\protected@file@percent }
\citation{cook_rage_2018}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-D}}Compound Operators}{4}{subsection.4.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {IV-E}}Graph Generation}{4}{subsection.4.5}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {V}Results}{4}{section.5}\protected@file@percent }
\newlabel{sec:Results}{{V}{4}{Results}{section.5}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-A}}Experimental Networks and Computing Platform}{4}{subsection.5.1}\protected@file@percent }
\newlabel{sec:test-platform}{{\mbox {V-A}}{4}{Experimental Networks and Computing Platform}{subsection.5.1}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces Synchronous Firing in the Graph Generation Process}}{5}{figure.3}\protected@file@percent }
\newlabel{fig:sync-fire}{{3}{5}{Synchronous Firing in the Graph Generation Process}{figure.3}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {\mbox {V-B}}Results and Analysis}{5}{subsection.5.2}\protected@file@percent }
\@writefile{lot}{\contentsline {table}{\numberline {I}{\ignorespaces Tabled Results for the Non-Synchronous Firing Testing}}{5}{table.1}\protected@file@percent }
\newlabel{table:NS-Table}{{I}{5}{Tabled Results for the Non-Synchronous Firing Testing}{table.1}{}}
\@writefile{toc}{\contentsline {section}{\numberline {VI}Future Works}{5}{section.6}\protected@file@percent }
\bibdata{Bibliography}
\bibcite{phillips_graph-based_1998}{1}
\bibcite{schneier_modeling_1999}{2}
\bibcite{ou_scalable_2006}{3}
\bibcite{j_hale_compliance_nodate}{4}
\bibcite{baloyi_guidelines_2019}{5}
\bibcite{allman_complying_2006}{6}
\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces Synchronous Firing on Runtime}}{6}{figure.4}\protected@file@percent }
\newlabel{fig:Sync-RT}{{4}{6}{Synchronous Firing on Runtime}{figure.4}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces Bar Graph and Line Graph Representations of Synchronous Firing on State Space}}{6}{figure.5}\protected@file@percent }
\newlabel{fig:Sync-State}{{5}{6}{Bar Graph and Line Graph Representations of Synchronous Firing on State Space}{figure.5}{}}
\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces Speedup (Amdahl's) Obtained When Using Synchronous Firing}}{6}{figure.6}\protected@file@percent }
\newlabel{fig:Sync-Spd}{{6}{6}{Speedup (Amdahl's) Obtained When Using Synchronous Firing}{figure.6}{}}
\@writefile{lot}{\contentsline {table}{\numberline {II}{\ignorespaces Tabled Results for the Synchronous Firing Testing}}{6}{table.2}\protected@file@percent }
\newlabel{table:S-Table}{{II}{6}{Tabled Results for the Synchronous Firing Testing}{table.2}{}}
\@writefile{toc}{\contentsline {section}{\numberline {VII}Conclusion}{6}{section.7}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{References}{6}{section*.1}\protected@file@percent }
\bibcite{sheyner_automated_2002}{7}
\bibcite{zhang_boosting_2017}{8}
\bibcite{Monotonicity}{9}
\bibcite{TVA}{10}
\bibcite{louthan_hybrid_2011}{11}
\bibcite{cook_rage_2018}{12}
\bibcite{nichols_2018}{13}
\bibstyle{ieeetr}
\gdef \@abspage@last{7}

70
Schrick-Noah_AG-CG-SyncFire.bbl Normal file
View File

@ -0,0 +1,70 @@
\begin{thebibliography}{10}
\bibitem{phillips_graph-based_1998}
C.~Phillips and L.~P. Swiler, ``A graph-based system for network-vulnerability
analysis,'' {\em Proceedings New Security Paradigms Workshop}, vol.~Part
F1292, pp.~71--79, 1998.
\newblock doi: 10.1145/310889.310919.
\bibitem{schneier_modeling_1999}
B.~Schneier, ``Modeling {Security} {Threats},'' {\em Dr. Dobb's Journal}, 1999.
\newblock vol. 24, no.12.
\bibitem{ou_scalable_2006}
X.~Ou, W.~F. Boyer, and M.~A. Mcqueen, ``A {Scalable} {Approach} to {Attack}
{Graph} {Generation},'' {\em CCS '06: Proceedings of the 13th ACM conference
on Computer and communications security}, pp.~336--345, 2006.
\bibitem{j_hale_compliance_nodate}
{J. Hale}, P.~Hawrylak, and M.~Papa, ``Compliance {Method} for a
{Cyber}-{Physical} {System}.''
\newblock U.S. Patent Number 9,471,789, Oct. 18, 2016.
\bibitem{baloyi_guidelines_2019}
N.~Baloyi and P.~Kotzé, ``Guidelines for {Data} {Privacy} {Compliance}: {A}
{Focus} on {Cyberphysical} {Systems} and {Internet} of {Things},'' in {\em
{SAICSIT} '19: {Proceedings} of the {South} {African} {Institute} of
{Computer} {Scientists} and {Information} {Technologists} 2019}, (Skukuza
South Africa), Association for Computing Machinery, 2019.
\bibitem{allman_complying_2006}
E.~Allman, ``Complying with {Compliance}: {Blowing} it off is not an option.,''
{\em ACM Queue}, vol.~4, no.~7, 2006.
\bibitem{sheyner_automated_2002}
O.~Sheyner, J.~Haines, S.~Jha, R.~Lippmann, and J.~Wing, ``Automated
{Generation} and {Analysis} of {Attack} {Graphs},'' {\em Proceeding of 2002
IEEE Symposium on Security and Privacy}, pp.~254--265, 2002.
\bibitem{zhang_boosting_2017}
J.~Zhang, S.~Khoram, and J.~Li, ``Boosting the performance of {FPGA}-based
graph processor using hybrid memory cube: {A} case for breadth first
search,'' {\em FPGA 2017 - Proceedings of the 2017 ACM/SIGDA International
Symposium on Field-Programmable Gate Arrays}, pp.~207--216, 2017.
\bibitem{Monotonicity}
P.~Ammann, D.~Wijesekera, and S.~Kaushik, ``Scalable, graph-based network
vulnerability analysis,'' in {\em Proceedings of the 9th ACM Conference on
Computer and Communications Security}, CCS '02, (New York, NY, USA),
p.~217224, Association for Computing Machinery, 2002.
\bibitem{TVA}
S.~Jajodia and S.~Noel, {\em Topological Vulnerability Analysis}, vol.~46,
pp.~139--154.
\newblock 09 2010.
\bibitem{louthan_hybrid_2011}
G.~Louthan, {\em Hybrid {Attack} {Graphs} for {Modeling} {Cyber}-{Physical}
{Systems}}.
\newblock PhD thesis, The {University} of {Tulsa}, 2011.
\bibitem{cook_rage_2018}
K.~Cook, {\em {RAGE}: {The} {Rage} {Attack} {Graph} {Engine}}.
\newblock PhD thesis, The {University} of {Tulsa}, 2018.
\bibitem{nichols_2018}
W.~M. Nichols, {\em {Hybrid} {Attack} {Graphs} for {Use} with a {Simulation} of
a {Cyber-Physical} {System}}.
\newblock PhD thesis, The {University} of {Tulsa}, 2018.
\end{thebibliography}

48
Schrick-Noah_AG-CG-SyncFire.blg Normal file
View File

@ -0,0 +1,48 @@
This is BibTeX, Version 0.99d (TeX Live 2022/Arch Linux)
Capacity: max_strings=200000, hash_size=200000, hash_prime=170003
The top-level auxiliary file: Schrick-Noah_AG-CG-SyncFire.aux
The style file: ieeetr.bst
Database file #1: Bibliography.bib
Warning--empty publisher in TVA
You've used 13 entries,
1876 wiz_defined-function locations,
555 strings with 5973 characters,
and the built_in function-call counts, 3087 in all, are:
= -- 322
> -- 105
< -- 0
+ -- 41
- -- 28
* -- 187
:= -- 442
add.period$ -- 19
call.type$ -- 13
change.case$ -- 9
chr.to.int$ -- 0
cite$ -- 14
duplicate$ -- 170
empty$ -- 296
format.name$ -- 28
if$ -- 760
int.to.chr$ -- 0
int.to.str$ -- 13
missing$ -- 10
newline$ -- 49
num.names$ -- 13
pop$ -- 45
preamble$ -- 1
purify$ -- 0
quote$ -- 0
skip$ -- 113
stack$ -- 0
substring$ -- 166
swap$ -- 68
text.length$ -- 0
text.prefix$ -- 0
top$ -- 0
type$ -- 0
warning$ -- 1
while$ -- 28
width$ -- 15
write$ -- 131
(There was 1 warning)

683
Schrick-Noah_AG-CG-SyncFire.log Normal file
View File

@ -0,0 +1,683 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.24 (TeX Live 2022/Arch Linux) (preloaded format=pdflatex 2022.4.29) 20 SEP 2022 17:41
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**Schrick-Noah_AG-CG-SyncFire.tex
(./Schrick-Noah_AG-CG-SyncFire.tex
LaTeX2e <2021-11-15> patch level 1
L3 programming layer <2022-04-10>
(/usr/share/texmf-dist/tex/latex/ieeetran/IEEEtran.cls
Document Class: IEEEtran 2015/08/26 V1.8b by Michael Shell
-- See the "IEEEtran_HOWTO" manual for usage information.
-- http://www.michaelshell.org/tex/ieeetran/
\@IEEEtrantmpdimenA=\dimen138
\@IEEEtrantmpdimenB=\dimen139
\@IEEEtrantmpdimenC=\dimen140
\@IEEEtrantmpcountA=\count185
\@IEEEtrantmpcountB=\count186
\@IEEEtrantmpcountC=\count187
\@IEEEtrantmptoksA=\toks16
LaTeX Font Info: Trying to load font information for OT1+ptm on input line 5
03.
(/usr/share/texmf-dist/tex/latex/psnfss/ot1ptm.fd
File: ot1ptm.fd 2001/06/04 font definitions for OT1/ptm.
)
-- Using 8.5in x 11in (letter) paper.
-- Using PDF output.
\@IEEEnormalsizeunitybaselineskip=\dimen141
-- This is a 10 point document.
\CLASSINFOnormalsizebaselineskip=\dimen142
\CLASSINFOnormalsizeunitybaselineskip=\dimen143
\IEEEnormaljot=\dimen144
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <5> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <5> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <7> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <7> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <8> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <8> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <9> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <9> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <10> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <10> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <11> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <11> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <12> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <12> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <17> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <17> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <20> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <20> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <24> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 1090.
LaTeX Font Info: Font shape `OT1/ptm/bx/it' in size <24> not available
(Font) Font shape `OT1/ptm/b/it' tried instead on input line 1090.
\IEEEquantizedlength=\dimen145
\IEEEquantizedlengthdiff=\dimen146
\IEEEquantizedtextheightdiff=\dimen147
\IEEEilabelindentA=\dimen148
\IEEEilabelindentB=\dimen149
\IEEEilabelindent=\dimen150
\IEEEelabelindent=\dimen151
\IEEEdlabelindent=\dimen152
\IEEElabelindent=\dimen153
\IEEEiednormlabelsep=\dimen154
\IEEEiedmathlabelsep=\dimen155
\IEEEiedtopsep=\skip47
\c@section=\count188
\c@subsection=\count189
\c@subsubsection=\count190
\c@paragraph=\count191
\c@IEEEsubequation=\count192
\abovecaptionskip=\skip48
\belowcaptionskip=\skip49
\c@figure=\count193
\c@table=\count194
\@IEEEeqnnumcols=\count195
\@IEEEeqncolcnt=\count196
\@IEEEsubeqnnumrollback=\count197
\@IEEEquantizeheightA=\dimen156
\@IEEEquantizeheightB=\dimen157
\@IEEEquantizeheightC=\dimen158
\@IEEEquantizeprevdepth=\dimen159
\@IEEEquantizemultiple=\count198
\@IEEEquantizeboxA=\box50
\@IEEEtmpitemindent=\dimen160
\IEEEPARstartletwidth=\dimen161
\c@IEEEbiography=\count199
\@IEEEtranrubishbin=\box51
)
** ATTENTION: Overriding command lockouts (line 2).
(/usr/share/texmf-dist/tex/latex/cite/cite.sty
LaTeX Info: Redefining \cite on input line 302.
LaTeX Info: Redefining \nocite on input line 332.
Package: cite 2015/02/27 v 5.5
)
(/usr/share/texmf-dist/tex/latex/amsmath/amsmath.sty
Package: amsmath 2021/10/15 v2.17l AMS math features
\@mathmargin=\skip50
For additional information on amsmath, use the `?' option.
(/usr/share/texmf-dist/tex/latex/amsmath/amstext.sty
Package: amstext 2021/08/26 v2.01 AMS text
(/usr/share/texmf-dist/tex/latex/amsmath/amsgen.sty
File: amsgen.sty 1999/11/30 v2.0 generic functions
\@emptytoks=\toks17
\ex@=\dimen162
))
(/usr/share/texmf-dist/tex/latex/amsmath/amsbsy.sty
Package: amsbsy 1999/11/29 v1.2d Bold Symbols
\pmbraise@=\dimen163
)
(/usr/share/texmf-dist/tex/latex/amsmath/amsopn.sty
Package: amsopn 2021/08/26 v2.02 operator names
)
\inf@bad=\count266
LaTeX Info: Redefining \frac on input line 234.
\uproot@=\count267
\leftroot@=\count268
LaTeX Info: Redefining \overline on input line 399.
\classnum@=\count269
\DOTSCASE@=\count270
LaTeX Info: Redefining \ldots on input line 496.
LaTeX Info: Redefining \dots on input line 499.
LaTeX Info: Redefining \cdots on input line 620.
\Mathstrutbox@=\box52
\strutbox@=\box53
\big@size=\dimen164
LaTeX Font Info: Redeclaring font encoding OML on input line 743.
LaTeX Font Info: Redeclaring font encoding OMS on input line 744.
\macc@depth=\count271
\c@MaxMatrixCols=\count272
\dotsspace@=\muskip16
\c@parentequation=\count273
\dspbrk@lvl=\count274
\tag@help=\toks18
\row@=\count275
\column@=\count276
\maxfields@=\count277
\andhelp@=\toks19
\eqnshift@=\dimen165
\alignsep@=\dimen166
\tagshift@=\dimen167
\tagwidth@=\dimen168
\totwidth@=\dimen169
\lineht@=\dimen170
\@envbody=\toks20
\multlinegap=\skip51
\multlinetaggap=\skip52
\mathdisplay@stack=\toks21
LaTeX Info: Redefining \[ on input line 2938.
LaTeX Info: Redefining \] on input line 2939.
)
(/usr/share/texmf-dist/tex/latex/amsfonts/amssymb.sty
Package: amssymb 2013/01/14 v3.01 AMS font symbols
(/usr/share/texmf-dist/tex/latex/amsfonts/amsfonts.sty
Package: amsfonts 2013/01/14 v3.01 Basic AMSFonts support
\symAMSa=\mathgroup4
\symAMSb=\mathgroup5
LaTeX Font Info: Redeclaring math symbol \hbar on input line 98.
LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold'
(Font) U/euf/m/n --> U/euf/b/n on input line 106.
))
(/usr/share/texmf-dist/tex/latex/algorithms/algorithmic.sty
Package: algorithmic 2009/08/24 v0.1 Document Style `algorithmic'
(/usr/share/texmf-dist/tex/latex/base/ifthen.sty
Package: ifthen 2020/11/24 v1.1c Standard LaTeX ifthen package (DPC)
)
(/usr/share/texmf-dist/tex/latex/graphics/keyval.sty
Package: keyval 2014/10/28 v1.15 key=value parser (DPC)
\KV@toks@=\toks22
)
\c@ALC@unique=\count278
\c@ALC@line=\count279
\c@ALC@rem=\count280
\c@ALC@depth=\count281
\ALC@tlm=\skip53
\algorithmicindent=\skip54
)
(/usr/share/texmf-dist/tex/latex/graphics/graphicx.sty
Package: graphicx 2021/09/16 v1.2d Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-dist/tex/latex/graphics/graphics.sty
Package: graphics 2021/03/04 v1.4d Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-dist/tex/latex/graphics/trig.sty
Package: trig 2021/08/11 v1.11 sin cos tan (DPC)
)
(/usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
File: graphics.cfg 2016/06/04 v1.11 sample graphics configuration
)
Package graphics Info: Driver file: pdftex.def on input line 107.
(/usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
File: pdftex.def 2020/10/05 v1.2a Graphics/color driver for pdftex
))
\Gin@req@height=\dimen171
\Gin@req@width=\dimen172
)
(/usr/share/texmf-dist/tex/latex/spverbatim/spverbatim.sty
Package: spverbatim 2009/08/10 v1.0 Verbatim with breakable spaces
)
(/usr/share/texmf-dist/tex/generic/babel/babel.sty
Package: babel 2022/02/26 3.73 The Babel package
\babel@savecnt=\count282
\U@D=\dimen173
\l@unhyphenated=\language87
(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
\bbl@readstream=\read2
\bbl@dirlevel=\count283
Package babel Info: You haven't specified a language. I'll use 'nil'
(babel) as the main language. Reported on input line 4305.
(/usr/share/texmf-dist/tex/generic/babel/nil.ldf
Language: nil 2022/02/26 3.73 Nil language
\l@nil=\language88
))
(/usr/share/texmf-dist/tex/latex/base/textcomp.sty
Package: textcomp 2020/02/02 v2.0n Standard LaTeX package
)
(/usr/share/texmf-dist/tex/latex/base/inputenc.sty
Package: inputenc 2021/02/14 v1.3d Input encoding file
\inpenc@prehook=\toks23
\inpenc@posthook=\toks24
)
(/usr/share/texmf-dist/tex/latex/float/float.sty
Package: float 2001/11/08 v1.3d Float enhancements (AL)
\c@float@type=\count284
\float@exts=\toks25
\float@box=\box54
\@float@everytoks=\toks26
\@floatcapt=\box55
)
(/usr/share/texmf-dist/tex/latex/xcolor/xcolor.sty
Package: xcolor 2021/10/31 v2.13 LaTeX color extensions (UK)
(/usr/share/texmf-dist/tex/latex/graphics-cfg/color.cfg
File: color.cfg 2016/01/02 v1.6 sample color configuration
)
Package xcolor Info: Driver file: pdftex.def on input line 227.
Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1352.
Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1356.
Package xcolor Info: Model `RGB' extended on input line 1368.
Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1370.
Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1371.
Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1372.
Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1373.
Package xcolor Info: Model `Gray' substituted by `gray' on input line 1374.
Package xcolor Info: Model `wave' substituted by `hsb' on input line 1375.
)
(/usr/share/texmf-dist/tex/latex/hyperref/hyperref.sty
Package: hyperref 2022-02-21 v7.00n Hypertext links for LaTeX
(/usr/share/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
Package: ltxcmds 2020-05-10 v1.25 LaTeX kernel commands for general use (HO)
)
(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty
Package: iftex 2022/02/03 v1.0f TeX engine tests
)
(/usr/share/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
Package: pdftexcmds 2020-06-27 v0.33 Utility functions of pdfTeX for LuaTeX (HO
)
(/usr/share/texmf-dist/tex/generic/infwarerr/infwarerr.sty
Package: infwarerr 2019/12/03 v1.5 Providing info/warning/error messages (HO)
)
Package pdftexcmds Info: \pdf@primitive is available.
Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
)
(/usr/share/texmf-dist/tex/generic/kvsetkeys/kvsetkeys.sty
Package: kvsetkeys 2019/12/15 v1.18 Key value parser (HO)
)
(/usr/share/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
Package: kvdefinekeys 2019-12-19 v1.6 Define keys (HO)
)
(/usr/share/texmf-dist/tex/generic/pdfescape/pdfescape.sty
Package: pdfescape 2019/12/09 v1.15 Implements pdfTeX's escape features (HO)
)
(/usr/share/texmf-dist/tex/latex/hycolor/hycolor.sty
Package: hycolor 2020-01-27 v1.10 Color options for hyperref/bookmark (HO)
)
(/usr/share/texmf-dist/tex/latex/letltxmacro/letltxmacro.sty
Package: letltxmacro 2019/12/03 v1.6 Let assignment for LaTeX macros (HO)
)
(/usr/share/texmf-dist/tex/latex/auxhook/auxhook.sty
Package: auxhook 2019-12-17 v1.6 Hooks for auxiliary files (HO)
)
(/usr/share/texmf-dist/tex/latex/kvoptions/kvoptions.sty
Package: kvoptions 2020-10-07 v3.14 Key value format for package options (HO)
)
\@linkdim=\dimen174
\Hy@linkcounter=\count285
\Hy@pagecounter=\count286
(/usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
File: pd1enc.def 2022-02-21 v7.00n Hyperref: PDFDocEncoding definition (HO)
Now handling font encoding PD1 ...
... no UTF-8 mapping file for font encoding PD1
)
(/usr/share/texmf-dist/tex/generic/intcalc/intcalc.sty
Package: intcalc 2019/12/15 v1.3 Expandable calculations with integers (HO)
)
(/usr/share/texmf-dist/tex/generic/etexcmds/etexcmds.sty
Package: etexcmds 2019/12/15 v1.7 Avoid name clashes with e-TeX commands (HO)
)
\Hy@SavedSpaceFactor=\count287
(/usr/share/texmf-dist/tex/latex/hyperref/puenc.def
File: puenc.def 2022-02-21 v7.00n Hyperref: PDF Unicode definition (HO)
Now handling font encoding PU ...
... no UTF-8 mapping file for font encoding PU
)
Package hyperref Info: Hyper figures OFF on input line 4137.
Package hyperref Info: Link nesting OFF on input line 4142.
Package hyperref Info: Hyper index ON on input line 4145.
Package hyperref Info: Plain pages OFF on input line 4152.
Package hyperref Info: Backreferencing OFF on input line 4157.
Package hyperref Info: Implicit mode ON; LaTeX internals redefined.
Package hyperref Info: Bookmarks ON on input line 4390.
\c@Hy@tempcnt=\count288
(/usr/share/texmf-dist/tex/latex/url/url.sty
\Urlmuskip=\muskip17
Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc.
)
LaTeX Info: Redefining \url on input line 4749.
\XeTeXLinkMargin=\dimen175
(/usr/share/texmf-dist/tex/generic/bitset/bitset.sty
Package: bitset 2019/12/09 v1.3 Handle bit-vector datatype (HO)
(/usr/share/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
Package: bigintcalc 2019/12/15 v1.5 Expandable calculations on big integers (HO
)
))
\Fld@menulength=\count289
\Field@Width=\dimen176
\Fld@charsize=\dimen177
Package hyperref Info: Hyper figures OFF on input line 6027.
Package hyperref Info: Link nesting OFF on input line 6032.
Package hyperref Info: Hyper index ON on input line 6035.
Package hyperref Info: backreferencing OFF on input line 6042.
Package hyperref Info: Link coloring OFF on input line 6047.
Package hyperref Info: Link coloring with OCG OFF on input line 6052.
Package hyperref Info: PDF/A mode OFF on input line 6057.
LaTeX Info: Redefining \ref on input line 6097.
LaTeX Info: Redefining \pageref on input line 6101.
(/usr/share/texmf-dist/tex/latex/base/atbegshi-ltx.sty
Package: atbegshi-ltx 2021/01/10 v1.0c Emulation of the original atbegshi
package with kernel methods
)
\Hy@abspage=\count290
\c@Item=\count291
\c@Hfootnote=\count292
)
Package hyperref Info: Driver (autodetected): hpdftex.
(/usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
File: hpdftex.def 2022-02-21 v7.00n Hyperref driver for pdfTeX
(/usr/share/texmf-dist/tex/latex/base/atveryend-ltx.sty
Package: atveryend-ltx 2020/08/19 v1.0a Emulation of the original atveryend pac
kage
with kernel methods
)
\Fld@listcount=\count293
\c@bookmark@seq@number=\count294
(/usr/share/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
Package: rerunfilecheck 2019/12/05 v1.9 Rerun checks for auxiliary files (HO)
(/usr/share/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
Package: uniquecounter 2019/12/15 v1.4 Provide unlimited unique counter (HO)
)
Package uniquecounter Info: New unique counter `rerunfilecheck' on input line 2
86.
)
\Hy@SectionHShift=\skip55
)
Package hyperref Info: Option `colorlinks' set `true' on input line 25.
(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
File: l3backend-pdftex.def 2022-04-14 L3 backend support: PDF output (pdfTeX)
\l__color_backend_stack_int=\count295
\l__pdf_internal_box=\box56
)
(./Schrick-Noah_AG-CG-SyncFire.aux)
\openout1 = `Schrick-Noah_AG-CG-SyncFire.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for PU/pdf/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
-- Lines per column: 56 (exact).
(/usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count296
\scratchdimen=\dimen178
\scratchbox=\box57
\nofMPsegments=\count297
\nofMParguments=\count298
\everyMPshowfont=\toks27
\MPscratchCnt=\count299
\MPscratchDim=\dimen179
\MPnumerator=\count300
\makeMPintoPDFobject=\count301
\everyMPtoPDFconversion=\toks28
) (/usr/share/texmf-dist/tex/latex/epstopdf-pkg/epstopdf-base.sty
Package: epstopdf-base 2020-01-24 v2.11 Base part for package epstopdf
Package epstopdf-base Info: Redefining graphics rule for `.eps' on input line 4
85.
(/usr/share/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
e
))
Package hyperref Info: Link coloring ON on input line 27.
(/usr/share/texmf-dist/tex/latex/hyperref/nameref.sty
Package: nameref 2021-04-02 v2.47 Cross-referencing by name of section
(/usr/share/texmf-dist/tex/latex/refcount/refcount.sty
Package: refcount 2019/12/15 v3.6 Data extraction from label references (HO)
)
(/usr/share/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO)
)
\c@section@level=\count302
)
LaTeX Info: Redefining \ref on input line 27.
LaTeX Info: Redefining \pageref on input line 27.
LaTeX Info: Redefining \nameref on input line 27.
(./Schrick-Noah_AG-CG-SyncFire.out) (./Schrick-Noah_AG-CG-SyncFire.out)
\@outlinefile=\write3
\openout3 = `Schrick-Noah_AG-CG-SyncFire.out'.
Underfull \hbox (badness 10000) in paragraph at lines 51--53
[]\OT1/ptm/b/it/9 Index Terms\OT1/ptm/b/n/9 ---Attack Graph; Compliance Graph;
[]
Underfull \hbox (badness 10000) in paragraph at lines 51--53
\OT1/ptm/b/n/9 Synchronous Firing; High-Performance Computing;
[]
Underfull \hbox (badness 2261) in paragraph at lines 69--77
\OT1/ptm/m/n/10 Similar difficulties arise in related fields, where social
[]
[1{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}
]
LaTeX Font Info: Trying to load font information for U+msa on input line 79.
(/usr/share/texmf-dist/tex/latex/amsfonts/umsa.fd
File: umsa.fd 2013/01/14 v3.01 AMS symbols A
)
LaTeX Font Info: Trying to load font information for U+msb on input line 79.
(/usr/share/texmf-dist/tex/latex/amsfonts/umsb.fd
File: umsb.fd 2013/01/14 v3.01 AMS symbols B
)
Underfull \hbox (badness 2662) in paragraph at lines 81--90
\OT1/ptm/m/n/10 functionality discussed by the author is similar: firing
[]
Underfull \hbox (badness 2088) in paragraph at lines 81--90
\OT1/ptm/m/n/10 an exploit should be performed on all possible assets
[]
Underfull \hbox (badness 1394) in paragraph at lines 81--90
\OT1/ptm/m/n/10 and group features, and grouped exploits could not be
[]
<./images/non-sync_ex.drawio.png, id=101, 1014.79124pt x 400.49625pt>
File: ./images/non-sync_ex.drawio.png Graphic file (type png)
<use ./images/non-sync_ex.drawio.png>
Package pdftex.def Info: ./images/non-sync_ex.drawio.png used on input line 10
6.
(pdftex.def) Requested size: 252.0pt x 99.4516pt.
[2 <./images/non-sync_ex.drawio.png>]
LaTeX Font Info: Trying to load font information for OT1+pcr on input line 1
31.
(/usr/share/texmf-dist/tex/latex/psnfss/ot1pcr.fd
File: ot1pcr.fd 2001/06/04 font definitions for OT1/pcr.
)
Underfull \hbox (badness 10000) in paragraph at lines 133--137
[]
Underfull \hbox (badness 10000) in paragraph at lines 138--142
[]
Underfull \hbox (badness 10000) in paragraph at lines 143--151
[]
<./images/vert_Bison-Flex.drawio.png, id=122, 551.05875pt x 710.655pt>
File: ./images/vert_Bison-Flex.drawio.png Graphic file (type png)
<use ./images/vert_Bison-Flex.drawio.png>
Package pdftex.def Info: ./images/vert_Bison-Flex.drawio.png used on input lin
e 153.
(pdftex.def) Requested size: 252.0pt x 324.98593pt.
Underfull \hbox (badness 2205) in paragraph at lines 166--171
[]\OT1/ptm/m/n/10 Many of the graphs previously generated by RAGE
[]
Underfull \hbox (badness 2351) in paragraph at lines 166--171
\OML/cmm/m/it/10 true=false\OT1/cmr/m/n/10 "$\OT1/ptm/m/n/10 , $\OT1/cmr/m/n/10
\\OML/cmm/m/it/10 root \OT1/cmr/m/n/10 = \OML/cmm/m/it/10 true=false\OT1/cmr/m
/n/10 "$\OT1/ptm/m/n/10 , or other general
[]
[3 <./images/vert_Bison-Flex.drawio.png>]
Underfull \hbox (badness 1895) in paragraph at lines 188--189
[]\OT1/ptm/m/n/10 Other changes involved updating classes (namely the
[]
<./images/Sync-Fire.png, id=135, 489.83pt x 1053.9375pt>
File: ./images/Sync-Fire.png Graphic file (type png)
<use ./images/Sync-Fire.png>
Package pdftex.def Info: ./images/Sync-Fire.png used on input line 195.
(pdftex.def) Requested size: 244.9144pt x 526.96747pt.
Underfull \hbox (badness 7451) in paragraph at lines 213--214
\OT1/ptm/m/n/10 All nodes are connected with a 10Gbps Infiniband
[]
[4]
<./images/Sync-Runtime-Bar.png, id=151, 609.696pt x 231.483pt>
File: ./images/Sync-Runtime-Bar.png Graphic file (type png)
<use ./images/Sync-Runtime-Bar.png>
Package pdftex.def Info: ./images/Sync-Runtime-Bar.png used on input line 234.
(pdftex.def) Requested size: 252.0pt x 95.67511pt.
<./images/Sync-Runtime.png, id=152, 576.627pt x 229.293pt>
File: ./images/Sync-Runtime.png Graphic file (type png)
<use ./images/Sync-Runtime.png>
Package pdftex.def Info: ./images/Sync-Runtime.png used on input line 235.
(pdftex.def) Requested size: 252.0pt x 100.20348pt.
<./images/Sync-StateSpace-Bar.png, id=153, 608.163pt x 223.38pt>
File: ./images/Sync-StateSpace-Bar.png Graphic file (type png)
<use ./images/Sync-StateSpace-Bar.png>
Package pdftex.def Info: ./images/Sync-StateSpace-Bar.png used on input line 2
42.
(pdftex.def) Requested size: 252.0pt x 92.5578pt.
<./images/Sync-StateSpace.png, id=154, 557.574pt x 229.512pt>
File: ./images/Sync-StateSpace.png Graphic file (type png)
<use ./images/Sync-StateSpace.png>
Package pdftex.def Info: ./images/Sync-StateSpace.png used on input line 243.
(pdftex.def) Requested size: 252.0pt x 103.7312pt.
<./images/Sync_Speedup.png, id=155, 557.355pt x 229.512pt>
File: ./images/Sync_Speedup.png Graphic file (type png)
<use ./images/Sync_Speedup.png>
Package pdftex.def Info: ./images/Sync_Speedup.png used on input line 250.
(pdftex.def) Requested size: 252.0pt x 103.76973pt.
Underfull \hbox (badness 2277) in paragraph at lines 291--292
\OT1/ptm/m/n/10 reduction due to the increased number of unattainable
[]
[5 <./images/Sync-Fire.png>] (./Schrick-Noah_AG-CG-SyncFire.bbl
Underfull \hbox (badness 1442) in paragraph at lines 24--29
\OT1/ptm/m/n/8 A Focus on Cyberphysical Systems and Internet of Things,'' in
[]
[6 <./images/Sync-Runtime-Bar.png> <./images/Sync-Runtime.png> <./images/Sync-S
tateSpace-Bar.png> <./images/Sync-StateSpace.png> <./images/Sync_Speedup.png>]
Underfull \hbox (badness 1708) in paragraph at lines 46--50
\OT1/ptm/m/n/8 network vulnerability analysis,'' in \OT1/ptm/m/it/8 Proceedings
of the 9th ACM
[]
Underfull \hbox (badness 1565) in paragraph at lines 57--60
[]\OT1/ptm/m/n/8 G. Louthan, \OT1/ptm/m/it/8 Hybrid Attack Graphs for Modeling
Cyber-Physical
[]
)
** Conference Paper **
Before submitting the final camera ready copy, remember to:
1. Manually equalize the lengths of two columns on the last page
of your paper;
2. Ensure that any PostScript and/or PDF output post-processing
uses only Type 1 fonts and that every step in the generation
process uses the appropriate paper size.
[7
] (./Schrick-Noah_AG-CG-SyncFire.aux)
Package rerunfilecheck Info: File `Schrick-Noah_AG-CG-SyncFire.out' has not cha
nged.
(rerunfilecheck) Checksum: 21902F879DEBD836AD6B9FE18B1191FE;2134.
)
Here is how much of TeX's memory you used:
12124 strings out of 478238
192515 string characters out of 5850456
512272 words of memory out of 5000000
30141 multiletter control sequences out of 15000+600000
507907 words of font info for 102 fonts, out of 8000000 for 9000
1141 hyphenation exceptions out of 8191
60i,14n,63p,1237b,483s stack positions out of 5000i,500n,10000p,200000b,80000s
{/usr/share/texmf-dist/fonts/enc/dvips/base/8r.enc}</usr/share/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmmi10.pfb></usr/share/texmf-dist/fonts/type1/publi
c/amsfonts/cm/cmr10.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/c
mr7.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/
share/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy7.pfb></usr/share/texmf-dis
t/fonts/type1/urw/courier/ucrr8a.pfb></usr/share/texmf-dist/fonts/type1/urw/tim
es/utmb8a.pfb></usr/share/texmf-dist/fonts/type1/urw/times/utmbi8a.pfb></usr/sh
are/texmf-dist/fonts/type1/urw/times/utmr8a.pfb></usr/share/texmf-dist/fonts/ty
pe1/urw/times/utmri8a.pfb>
Output written on Schrick-Noah_AG-CG-SyncFire.pdf (7 pages, 571857 bytes).
PDF statistics:
240 PDF objects out of 1000 (max. 8388607)
193 compressed objects within 2 object streams
44 named destinations out of 1000 (max. 500000)
161 words of extra memory for PDF output out of 10000 (max. 10000000)

15
Schrick-Noah_AG-CG-SyncFire.out Normal file
View File

@ -0,0 +1,15 @@
\BOOKMARK [1][-]{section.1}{\376\377\000I\000n\000t\000r\000o\000d\000u\000c\000t\000i\000o\000n}{}% 1
\BOOKMARK [1][-]{section.2}{\376\377\000R\000e\000l\000a\000t\000e\000d\000\040\000W\000o\000r\000k}{}% 2
\BOOKMARK [1][-]{section.3}{\376\377\000I\000n\000s\000e\000p\000a\000r\000a\000b\000l\000e\000\040\000F\000e\000a\000t\000u\000r\000e\000s}{}% 3
\BOOKMARK [1][-]{section.4}{\376\377\000I\000m\000p\000l\000e\000m\000e\000n\000t\000i\000n\000g\000\040\000S\000y\000n\000c\000h\000r\000o\000n\000o\000u\000s\000\040\000F\000i\000r\000i\000n\000g}{}% 4
\BOOKMARK [2][-]{subsection.4.1}{\376\377\000B\000a\000s\000e\000\040\000G\000e\000n\000e\000r\000a\000t\000o\000r\000\040\000D\000e\000s\000c\000r\000i\000p\000t\000i\000o\000n}{section.4}% 5
\BOOKMARK [2][-]{subsection.4.2}{\376\377\000G\000N\000U\000\040\000B\000i\000s\000o\000n\000\040\000a\000n\000d\000\040\000F\000l\000e\000x}{section.4}% 6
\BOOKMARK [2][-]{subsection.4.3}{\376\377\000P\000o\000s\000t\000g\000r\000e\000S\000Q\000L}{section.4}% 7
\BOOKMARK [2][-]{subsection.4.4}{\376\377\000C\000o\000m\000p\000o\000u\000n\000d\000\040\000O\000p\000e\000r\000a\000t\000o\000r\000s}{section.4}% 8
\BOOKMARK [2][-]{subsection.4.5}{\376\377\000G\000r\000a\000p\000h\000\040\000G\000e\000n\000e\000r\000a\000t\000i\000o\000n}{section.4}% 9
\BOOKMARK [1][-]{section.5}{\376\377\000R\000e\000s\000u\000l\000t\000s}{}% 10
\BOOKMARK [2][-]{subsection.5.1}{\376\377\000E\000x\000p\000e\000r\000i\000m\000e\000n\000t\000a\000l\000\040\000N\000e\000t\000w\000o\000r\000k\000s\000\040\000a\000n\000d\000\040\000C\000o\000m\000p\000u\000t\000i\000n\000g\000\040\000P\000l\000a\000t\000f\000o\000r\000m}{section.5}% 11
\BOOKMARK [2][-]{subsection.5.2}{\376\377\000R\000e\000s\000u\000l\000t\000s\000\040\000a\000n\000d\000\040\000A\000n\000a\000l\000y\000s\000i\000s}{section.5}% 12
\BOOKMARK [1][-]{section.6}{\376\377\000F\000u\000t\000u\000r\000e\000\040\000W\000o\000r\000k\000s}{}% 13
\BOOKMARK [1][-]{section.7}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n}{}% 14
\BOOKMARK [1][-]{section*.1}{\376\377\000R\000e\000f\000e\000r\000e\000n\000c\000e\000s}{}% 15

BIN
Schrick-Noah_AG-CG-SyncFire.pdf Normal file
View File

Binary file not shown.

344
Schrick-Noah_AG-CG-SyncFire.tex Normal file
View File

@ -0,0 +1,344 @@
\documentclass[conference]{IEEEtran}
\IEEEoverridecommandlockouts
% The preceding line is only needed to identify funding in the first footnote. If that is unneeded, please comment it out.
\usepackage{cite}
\usepackage{amsmath,amssymb,amsfonts}
\usepackage{algorithmic}
\usepackage{graphicx}
\usepackage{spverbatim} % Break long verbatim lines
\graphicspath{ {./images/} }
\usepackage{babel} % Bibliography
\usepackage{textcomp}
\usepackage[utf8]{inputenc}
\usepackage{float}
\usepackage{xcolor}
\def\BibTeX{{\rm B\kern-.05em{\sc i\kern-.025em b}\kern-.08em
T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}}
\usepackage[hidelinks]{hyperref} % Clickable TOC Links
\hypersetup{
colorlinks,
citecolor=black,
filecolor=black,
linkcolor=black,
urlcolor=black
}
\begin{document}
\title{State Space Explosion Mitigation for Large-Scale Attack and Compliance Graphs Using Synchronous Exploit Firing
}
\author{\IEEEauthorblockN{Noah L. Schrick}
\IEEEauthorblockA{\textit{Tandy School of Computer Science} \\
\textit{The University of Tulsa}\\
Tulsa, USA \\
noah-schrick@utulsa.edu}
\and
\IEEEauthorblockN{Peter J. Hawrylak}
\IEEEauthorblockA{\textit{Tandy School of Computer Science} \\
\textit{The University of Tulsa}\\
Tulsa, USA \\
peter-hawrylak@utulsa.edu}
}
\maketitle
\begin{abstract}
Attack and compliance graphs are useful tools for cybersecurity and regulatory or compliance analysis. These graphs represent the state of a system or a set of systems, and can be used to identify all current or future ways the systems are compromised or at risk of violating regulatory or compliance mandates. However, due to their exhaustiveness and thorough permutation checking, these graphs suffer from state space explosion - the graphs rapidly increase in the total number of states, and likewise, their generation time also rapidly increases. This state space explosion in turn also slows the analysis process. This work introduces a mitigation technique called synchronous firing, where graph users and designers can prevent the generation of infeasible states by firing exploits simultaneously through joining inseparable features like time. This feature does not invalidate the integrity of the resulting attack or compliance graph by altering the exhaustiveness or permutation checking of the generation process, but rather jointly fires exploits through their defined inseparable features.
\end{abstract}
\begin{IEEEkeywords}
Attack Graph; Compliance Graph; Synchronous Firing; High-Performance Computing; Cybersecurity; Compliance and Regulation; Speedup;
\end{IEEEkeywords}
\section{Introduction}
Cybersecurity has been at the forefront of computing for decades, and vulnerability analysis modeling has been utilized to mitigate threats to aid in this effort. One such modeling approach
is to represent a system or a set of systems through graphical means, and encode information into the nodes and edges of the graph. Even as early as the late 1990s,
experts have composed various graphical models to map devices and vulnerabilities through attack trees, and this work can be seen through the works published by the authors of \cite{phillips_graph-based_1998}.
This work, and other attack tree discussions of this time such as that conducted by the author of \cite{schneier_modeling_1999}, would later be referred to as early versions of modern-day attack graphs
\cite{ou_scalable_2006}. By utilizing this graphical approach, cybersecurity postures can be measured at a system's current status, as well as hypothesize and examine other postures based on system changes
over time.
As an alternative to attack graphs for examining vulnerable states and measuring cybersecurity postures, the focus can be narrowed to generate graphs with the purpose of examining compliance or regulation statuses.
These graphs are known as compliance graphs. Compliance graphs can be especially useful for cyber-physical systems, where a greater need for compliance exists. As the authors of \cite{j_hale_compliance_nodate},
\cite{baloyi_guidelines_2019}, and \cite{allman_complying_2006} discuss, cyber-physical systems have seen greater usage, especially in areas such as critical infrastructure and Internet of Things. The challenge of
cyber-physical systems lies not only in the demand for cybersecurity of these systems, but also the concern for safe, stable, and undamaged equipment. The industry in which these devices are used can lead to
additional compliance guidelines that must be followed, increasing the complexity required for examining compliance statuses. Compliance graphs are promising tools that can aid in minimizing the overhead caused by these systems and the regulations they must follow.
Attack graphs are an appealing approach since they are often designed to be exhaustive: all system properties are represented at its initial state, all attack options are fully enumerated, all permutations are
examined, and all changes to a system are encoded into their own independent states, where these states are then individually analyzed through the process. The authors of \cite{sheyner_automated_2002} also
discuss the advantage of conciseness of attack graphs, where the final graph only incorporates states that an attacker can leverage; no superfluous states are generated that can clutter analysis. Despite their
advantages, attack graphs do suffer from their exhaustiveness as well. As the authors of \cite{ou_scalable_2006} examine, even very small networks with only 10 hosts and 5 vulnerabilities yield graphs with 10 million
edges.
When scaling attack graphs to analyze the modern, interconnected state of large networks comprising of a multitude of hosts, and utilizing the entries located in the National Vulnerability Database and any
custom vulnerability testing, attack graph generation quickly becomes infeasible. Similar difficulties arise in related fields, where social networks, bioinformatics, and neural network representations result in graphs with millions of
states \cite{zhang_boosting_2017}. This state space explosion is a natural by-product of the graph generation process, and removing or avoiding it entirely undermines the overall goal of attack and compliance graphs. However, there are some scenarios in which the state space explosion can be mitigated when certain features are inseparable. This work discusses the application of synchronous exploit firing which mitigates state space explosion for applicable scenarios, and discusses the results of its use.
\section{Related Work} \label{sec:sync-lit}
Multiple works have introduced various approaches for mitigating state space explosion. The authors of \cite{Monotonicity} propose that attack graphs encapsulate excessive information that lead to difficulties in scalability. They discuss the concept of monotonicity, where attackers do not need to backtrack. If a previous exploit was achieved, its preconditions and postconditions should not be revoked through another, future exploit firing. The authors of \cite{TVA} use monotonicity in their tool, TVA, along with various node and edge representations based on sets and dependency graphs that can likewise mitigate the state space explosion challenge. The authors of \cite{ou_scalable_2006} also take the approach of using alternate representations of the underlying graph structure through logical attack graphs. In this representation, each node only encompasses a portion of the network in a logical statement format, as opposed to encoding the entire system information at each node. This approach is able to limit the total number of nodes to O$(N^2$), with \textit{N} representing the total number of nodes in the system.
A form of synchronous firing is discussed by the author of \cite{louthan_hybrid_2011}, where it is described as grouped exploits. The functionality discussed by the author is similar: firing
an exploit should be performed on all possible assets simultaneously. This was also described as synchronizing multiple exploits. The methodology is similar to the one implemented in this
work, but there are notable differences. The first, is that the work performed by the author of \cite{louthan_hybrid_2011} utilizes global features with group features. Using the
simultaneous exploit firing necessitated a separation of global and group features, and grouped exploits could not be performed on exploits that could be applicable to both sets.
A second difference is that there is no consistency checking in the work by the author of \cite{louthan_hybrid_2011}, which could lead to indeterminate behavior or race conditions unless
additional effort was put into encoding exploits to use precondition guards. A third difference is that the work of \cite{louthan_hybrid_2011} could still lead to a separation of features. The
grouped exploit feature would attempt to fire all exploits on all applicable assets simultaneously, but if some assets were not ready or capable to fire, these assets would not proceed with the exploit firing but
the applicable assets would. The last difference is that the work by the author of \cite{louthan_hybrid_2011} was developed in Python, since that was the language of the generator of the tool at the time.
This work relies on RAGE (The RAGE Attack Graph Engine) for the feature development and result collection \cite{cook_rage_2018}. RAGE is developed in C++ for performance enhancements, so the synchronous firing feature in this new work was likewise developed in C++.
\section{Inseparable Features} \label{sec:inseparable}
One main appeal of attack graphs and compliance graphs are their exhaustiveness. The ability to generate all permutations of attack chains or to generate all
possible ways a system can fall out of compliance is a valuable feature. The disadvantage of this approach is that the generation of the final graph increases
in time, as does the analysis. One other disadvantage is that this exhaustiveness can produce states that are not actually attainable or realistic, as briefly mentioned in Section \ref{sec:sync-lit}. When a system has assets that
have inseparable features, the generation process forcibly separates features to examine all permutations, since the generation process only modifies one quality at a time.
One example of an inseparable feature is time. If two different assets are identical and no constraints dictate otherwise, the two assets should not, and realistically cannot, proceed through time at different rates.
For example, if two cars were manufactured at the same
moment, one of these cars cannot proceed multiple time steps into the future while the other remains at its current time step; each car must step through time at the same rate.
However, the generation of attack graphs and compliance graphs examines the possibilities that one car ages by one time step, while the other car does not, or vice versa. This results in an attack graph
that can be seen in Figure \ref{fig:non-sync_ex}, which is a partial attack graph showing the separation of the time feature. All shaded states are considered
unattainable, since all of these states comprise of assets that have advanced time at different rates. It is noticeable that not only are the unattainable states themselves a wasteful generation,
but they also lead to the generation of even more unattainable states that will then also be explored. A better procedure for a generation process similar to this example is to have a single state transition that updates
assets with an inseparable feature simultaneously.
\begin{figure}[htp]
\includegraphics[width=\linewidth]{"./images/non-sync_ex.drawio.png"}
\vspace{.2truein} \centerline{}
\caption{A network without Synchronous Firing generating infeasible states}
\label{fig:non-sync_ex}
\end{figure}
Post-processing is one option at removing the unattainable states. This process would simplify and reduce the time taken for the analysis process, but the generation process would still suffer
from generating and exploring the unattainable states, and would still need to go through a post-processing step. Instead, a new feature called synchronous firing can be used to prevent the generation of these states.
The goal of the synchronous firing feature is to prevent the generation of unattainable states, while also not incurring a greater computational cost. Section \ref{sec:implementing} will discuss the development
of this feature, and Section \ref{sec:Results} will examine the results when using this feature in applicable networks.
\section{Implementing Synchronous Firing} \label{sec:implementing}
\subsection{Base Generator Description}
For the implementation of the synchronous firing feature, there were four primary changes and additions that were necessary. The first is a change in the lexical analyzer, the second involves multiple changes
to PostgreSQL, the third is the implementation of compound operators, and lastly is a change in the graph generation process. This Section will
consist of subsections discussing the development of these four alterations.
\subsection{GNU Bison and Flex}
The work conducted by the author of \cite{cook_rage_2018} included the introduction of GNU Bison and GNU Flex into RAGE. The introduction of Bison and Flex allows for an easily modifiable grammar to
adjust features, the ability to easily update parsers since Bison and Flex are built into the build system, and increases portability since Flex and Bison generate standard C. For the development of
the synchronous firing feature, a similar approach was taken to that of the work performed by the author of \cite{louthan_hybrid_2011} with the exploit keywords. However, rather than having both global and group
keywords, this work only incorporates the group keyword to prevent a few of the difficulties discussed in Section \ref{sec:sync-lit}. The new ``group" keyword is intended to be used when creating the
exploit files. The design of exploits in the exploit file is developed as:
\begin{spverbatim} <exploit> ::= <group name> "group"
"exploit" <identifier> ,
(<parameter-list>)= \end{spverbatim}
\\
\\
where the ``$<$group name$>$" identifier and ``group" keyword is optional. An example of an exploit not utilizing the group feature is:
\begin{spverbatim}exploit
brake_pads(2015_Toyota_Corolla_LE)=\end{spverbatim}
\\
\\
and an example of an exploit utilizing the group feature is:
\begin{spverbatim}time group exploit
advance_month(all_applicable)=\end{spverbatim}
\\
\\
To implement the keyword recognition and group name parsing, a few changes were made, where the intention was to detect the usage of the ``group" keyword, and have the lexical analyzer code return to the parser implementation file to
alert of the presence of the ``GROUP" token. The new token is of type string with the name ``GROUP", and it is comprised of a leading ``IDENTIFIER" of type string or integer token, followed by the ``GROUP" token.
This new token also required changes to the processing of the ``exploit" keyword. If the group keyword is not detected, the exploit has a group of name ``null". If the group keyword is detected, then the
leading IDENTIFIER is parsed, and the exploit is assigned to a group with the parsed name. Various auxiliary functions were also adjusted to include (for instance) support for printing the groups of each
exploit. Figure \ref{fig:bison-flex} illustrates the incorporation of this feature into Bison, Flex, and the overall program.
\begin{figure}[htp]
\includegraphics[width=\linewidth]{"./images/vert_Bison-Flex.drawio.png"}
\vspace{.2truein} \centerline{}
\caption{Inclusion of Synchronous Firing into GNU Bison, GNU Flex, and the overall program}
\label{fig:bison-flex}
\end{figure}
\subsection{PostgreSQL}
As seen in Figure \ref{fig:bison-flex}, Bison and Flex feed into the Model Database. With the addition of a new group identifier and the group keyword, minor alterations were needed to ensure compatibility
with the PostgreSQL database. One adjustment was to alter the exploit table in the SQL schema to include new columns of type ``TEXT". The second adjustment was to update the SQL builder functions. This
included updating the related functions such as exploit creations, exploit parsing, database fetching, and SQL string builders to add additional room for the group identifier.
\subsection{Compound Operators}
Many of the graphs previously generated by RAGE comprise of states with features that can be fully enumerated. In many of these generated graphs, there was an
established set of qualities that was used, with an established set of values. These typically have included $``compliance$\_$vio=true/false"$,
$``root=true/false"$, or other general $``true/false"$ values or $``version=X"$ qualities. To expand on the types and complexities of graphs that can be
generated and to allow for synchronous firing, compound operators have been added to RAGE. When updating a state, rather than setting a quality to a specific value, the previous value can now
be modified by an amount specified through standard compound operators such as $\mathrel{+}=$, $\mathrel{-}=$, $\mathrel{*}=$, or $\mathrel{/}=$. Previous work on an attack graph generator included the implementation of compound operators, as seen by the author of \cite{nichols_2018}. However, this work was conducted on the previous iteration of an attack graph generator written in Python. This attack graph generator has since been rewritten in C++ by the author of \cite{cook_rage_2018}, and compound operators have not been included in the latest version of RAGE.
The work conducted by the author of \cite{cook_rage_2018} when designing the software architecture of RAGE included specifications for a quality encoding scheme. As the
author discusses, qualities have four fields, which include the asset ID, attributes, operator, and value. The operator field is 4 bits, which allows for a total
of 16 operators. Since the only operator in use at the time was the $``\mathrel{=}"$ operator, the addition of four compound operators does not surpass the 16 operator limit,
and no encoding scheme changes were necessary. This also allows for additional compound operators to be incorporated in the future.
A few changes were necessary to allow for the addition of compound operators. Before the generation of an attack graph begins, all values are stored in a hash
table. For previous networks generated by RAGE, this was not a concern since all values could be fully enumerated and all possible values were known. When
using compound operators however, not all values can be fully known. The task of approximating which exploits will be applicable and what absolute minimum
or maximum value bounds will be prior to generation is difficult, and not all values can be enumerated and stored into the hash table. As a result, real-time
updates to the hash table needed to be added to the generator. The original key-value scheme for hash tables relied on utilizing the size of the hash table for
values. Since the order in which updates happen may not always remain consistent (and is especially true in distributed computing environments), it is possible
for states to receive different hash values with the original hashing scheme. To prevent this, the hashing scheme was adjusted so that the new value of the
compound operator is inserted into the hash table values if it was not found, rather than the size of the hash table. Previously, there was no safety check
for the hash table, so if the value was not found, the program would end execution. The assertion that the new value can be inserted into the hash table is safe
to make, since compound operators are conducted on numeric values, and matches the numeric type of the hash table.
Other changes involved updating classes (namely the Quality, EncodedQuality, ParameterizedQuality, NetworkState, and Keyvalue classes) to include a new member for the operator in question. Auxiliary functions related to this new member, such as prints and getters, were also added. In addition, preconditions were altered to include operator overloads to check the asset identifier, quality name, and quality values for the update process.
\subsection{Graph Generation}
The implementation of synchronous firing in the graph generation process relies on a map to hold the fired status of groups. Previously, each iteration of the applicable exploit vector loop generated a new state. With synchronous firing, all assets should be updating the same state, rather than each independently creating a new state. To implement this, each iteration of the applicable exploit vector checks if the current loop element is in a group and if that group has fired. If the element is in a group, the group has not been fired, and all group members are ready to fire, then all group members will loop through an update process to alter the single converged state. Otherwise, the loop will either continue to the next iteration if group conditions are not met, or will create a single state if it is not in a group. Figure \ref{fig:sync-fire} displays the synchronous fire approach.
\begin{figure}[htp]
\centering
\includegraphics[scale=0.5]{"./images/Sync-Fire.png"}
\vspace{.2truein} \centerline{}
\caption{Synchronous Firing in the Graph Generation Process}
\label{fig:sync-fire}
\end{figure}
\section{Results} \label{sec:Results}
\subsection{Experimental Networks and Computing Platform} \label{sec:test-platform}
All data was collected on a 13 node cluster, with 12 nodes serving as dedicated compute nodes, and 1 node serving as the login node. Each compute node has a configuration as follows:
\begin{itemize}
\item{OS: CentOS release 6.9}
\item{CPU: Two Intel Xeon E5-2620 v3}
\item{Two Intel Xeon Phi Co-Processors}
\item{One FPGA (Nallatech PCIE-385n A7 Altera Stratix V)}
\item{Memory: 64318MiB}
\end{itemize}
All nodes are connected with a 10Gbps Infiniband interconnect.
The example networks for testing the effectiveness of synchronous firing follow the compliance graph generation approach. These networks analyze two assets, both of which are identical 2006 Toyota Corolla cars with identical qualities. The generation examines both cars at their current states, and proceeds to advance in time by a pre-determined amount, up to a pre-determined limit. Each time increment updates each car by an identical amount of mileage. During the generation process, it is determined if a car is out of compliance either through mileage or time since its last maintenance in accordance with the Toyota Corolla Maintenance Schedule manual.
In addition, the tests employ the use of ``services", where if a car is out of compliance, it will go through a correction process and reset the mileage and time since last service. Each test varies in the number of services used. The 1 Service test only employs one service, and it is dedicated to brake pads. The 2 Service test employs two services, where the first service is dedicated to the brake pads, and the second is for exhaust pipes. This process extends to the 3, 4, 5, and 6 Service tests.
The testing information is as follows:
\begin{itemize}
\item{All tests ran for 12 months, with time steps of 1 month.}
\item{All tests had the same number of compliance checks: brake pads, exhaust pipes, vacuum pumps, AC filters, oil changes, and driveshaft boots.}
\item{There were 12 base exploits, and an additional 6 exploits were individually added in the form of services for each test.}
\item{All tests used the same network model.}
\item{All tests used the same exploit file, with the exception of the ``group" keyword being present in the synchronous firing testing.}
\item{Services must be performed prior to advancing time, if services are applicable.}
\item{Graph visualization was not timed. Only the generation and database operation time was measured.}
\end{itemize}
The compliance checks are as follows:
\begin{itemize}
\item{Brake pads: to be checked every 6 months}
\item{Exhaust pipes: to be checked every 12 months}
\item{AC filter: to be checked every 12,000 miles}
\item{Vacuum pump: to be checked every 120,000 miles}
\item{Engine oil: to be checked every 6,000 miles}
\item{Driveshaft boots: to be checked every 12,000 miles}
\end{itemize}
\subsection{Results and Analysis}
\subsubsection{Results for the Theoretical Environment} \label{sec:theo_res}
Using the testing setup described in Section \ref{sec:test-platform} on the platform described at the beginning of Section \ref{sec:test-platform}, results were collected in regards to the effect of synchronous firing on both state space and runtime. There was also a collection of the graphs' edge to state ratio (E/S Ratio). These results can be seen in Figures \ref{fig:Sync-RT} and \ref{fig:Sync-State}. The respective tables are seen in Tables \ref{table:NS-Table} and \ref{table:S-Table}. Both figures show a decrease in the number of states and a decrease in the runtime when synchronous firing is utilized. Since synchronous firing prevents the generation of unattainable states, there is no meaningful information loss that occurs in the graphs generated with the synchronous firing feature. Since the resulting number of states was also reduced, there will be increased justification for the synchronous firing approach due to a reduced runtime for the analysis process. Figure \ref{fig:Sync-Spd} displays the speedup (according to Amdahl's Law) obtained when using synchronous firing instead of non-synchronous firing for identical setups.
When examining the E/S ratio for the non-synchronous graphs, it is both expected and observed that the ratio slightly increases as the number of services increases. When more applicable exploits are used during the generation process, the number of permutations increases, which corresponds with the growing number of states and edges. However, the increase in the number of services also increases the relation between states and the new permutations.
When comparing the E/S ratio for the non-synchronous graphs to the E/S ratio for the synchronous graphs, it is observed that the ratio does not remain constant. For example, for the 5 service case, the non-synchronous graph has an E/S ratio of 6.398, and the synchronous graph has an E/S ratio of 7.209. While the number of states and the number of edges is reduced when using synchronous firing, the ratio of edges to states is not necessarily constant or reduced.
\begin{figure}
\centering
\includegraphics[width=\linewidth]{"./images/Sync-Runtime-Bar.png"}
\includegraphics[width=\linewidth]{"./images/Sync-Runtime.png"}
\caption[Synchronous Firing on Runtime]{Bar Graph and Line Graph Representations of Synchronous Firing on Runtime}
\label{fig:Sync-RT}
\end{figure}
\begin{figure}
\centering
\includegraphics[width=\linewidth]{"./images/Sync-StateSpace-Bar.png"}
\includegraphics[width=\linewidth]{"./images/Sync-StateSpace.png"}
\caption{Bar Graph and Line Graph Representations of Synchronous Firing on State Space}
\label{fig:Sync-State}
\end{figure}
\begin{figure}[htp]
\centering
\includegraphics[width=\linewidth]{"./images/Sync_Speedup.png"}
\vspace{.2truein} \centerline{}
\caption{Speedup (Amdahl's) Obtained When Using Synchronous Firing}
\label{fig:Sync-Spd}
\end{figure}
\begin{table}[htp]
\centering
\begin{tabular}{|c|c|c|}
\hline
\multicolumn{3}{|c|}{Non-Synchronous Firing} \\ \hline
\textbf{Number of Services} & \textbf{Number of States} & \textbf{Runtime (ms)} & \textbf{E/S Ratio} \\ \hline
1 & 37001 & 87366.65 & 5.484 \\ \hline
2 & 46361 & 115929.97 & 5.595 \\ \hline
3 & 72489 & 184634.34 & 5.590 \\ \hline
4 & 93525 & 314470.16 & 5.841 \\ \hline
5 & 209944 & 588336.01 & 5.977 \\ \hline
6 & 423940 & 1581697.61 & 6.398 \\ \hline
\end{tabular}
\caption{Tabled Results for the Non-Synchronous Firing Testing}
\label{table:NS-Table}
\end{table}
\begin{table}[htp]
\centering
\begin{tabular}{|c|c|c|c|}
\hline
\multicolumn{4}{|c|}{Synchronous Firing} \\ \hline
\textbf{\begin{tabular}[c]{@{}c@{}}Number of \\ Services\end{tabular}}
& \textbf{\begin{tabular}[c]{@{}c@{}}Number of \\ States\end{tabular}}
& \textbf{\begin{tabular}[c]{@{}c@{}}Runtime\\ (ms)\end{tabular}}
& \textbf{\begin{tabular}[c]{@{}c@{}}E/S\\ Ratio\end{tabular}}
& \textbf{\begin{tabular}[c]{@{}c@{}}Speedup \\ (Amdahl's)\end{tabular}}
\\ \hline
1 & 6277 & 14872.86 & 5.501 & 5.87 \\ \hline
2 & 11653 & 29251.56 & 5.954 & 3.96 \\ \hline
3 & 25317 & 66799.18 & 6.321 & 2.76 \\ \hline
4 & 36949 & 102216.30 & 6.538 & 3.08 \\ \hline
5 & 83134 & 243612.05 & 6.868 & 2.42 \\ \hline
6 & 186679 & 581840.76 & 7.209 & 2.72 \\ \hline
\end{tabular}
\caption{Tabled Results for the Synchronous Firing Testing}
\label{table:S-Table}
\end{table}
\subsubsection{Results for a Grouped Environment}
The environment and resulting graphs presented in Section \ref{sec:theo_results} depict the possible states of the two cars in compliance graph formats. While these graphs demonstrated accurate, exhaustive depictions of the cars and their compliance standings, they may not be realistic representations of the most likely outcomes. If a car was due for two compliance checks at the same time, it is unlikely that the car would be taken for one maintenance, returned to its original destination, then driven immediately back for maintenance, and finally to its original destination once more. The more realistic scenario is that the car is taken for maintenance, both services are performed at the same visit, and then the car is returned to its original destination.
Another set of graphs were generated using only the 3 service case. These services were for a driveshaft boot check, an AC filter change, and an oil change. This set of graphs used `super services", where a car would undergo multiple services simultaneously. These results are seen in Table
\begin{table}[htp]
\centering
\begin{tabular}{|c|c|c|}
\hline
\multicolumn{3}{|c|}{Super Services with Synchronous Firing} \\ \hline
\textbf{Permutation}
& \textbf{Number of States}
& \textbf{Runtime (ms)}
& \textbf{E/S Ratio} \\ \hline
& & & \\ \hline
Non-Synchronous & & & \\ \hline
\end{tabular}
\caption{Tabled Results for the Non-Synchronous Firing Testing}
\label{table:NS-Table}
\end{table}
\section{Future Works}
As seen and discussed in Section \ref{sec:inseparable}, when unattainable states are generated, there is a compounding effect. Each unattainable state is explored, and is likely to generate additional unattainable states. Future works include examining the effect of synchronous firing when more assets are utilized. It is hypothesized that the synchronous firing approach will lead to an increased runtime reduction and state space reduction due to the increased number of unattainable state permutations. This work had a limited number of assets, but generated upwards of 400,000 states due to repeated applications of the exploit set due to the services corresponding with the compliance graph. Future work could alter the test scenario to have a greater number of assets, and a standard set of exploits more akin to an attack graph. Other future works could include measuring the performance of synchronous firing when multiple groups of inseparable features are used. This work used a single group, but multiple groups be added to examine the performance of the feature.
Network science (degree) before and after
\section{Conclusion}
This work implemented a state space explosion mitigation technique called synchronous firing. This feature is able to fire exploits simultaneously among a group of assets through a single state transition. By firing exploits across multiple assets, it is able to prevent the separation of features that should normally be inseparable (such as time), and successfully reduces the number of total states in the resulting attack or compliance graph. This feature does not alter the procedure of the generation process in a way that undermines the integrity of the resulting attack or compliance graph, and only groups assets through defined inseparable features. This feature is also toggleable, and the generation process seen in Figure \ref{fig:sync-fire} does not change if the feature is disabled. This feature successfully reduced the total number of states, reduced the runtime of the generation process, and can lead to a reduced analysis process due to a smaller resulting graph.
%\bibliographyp
\bibliography{Bibliography}
\bibliographystyle{ieeetr}
\end{document}

BIN
images/Bison-Flex-v2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

BIN
images/Bison-Flex.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

1
images/Sync-Fire Normal file
View File

@ -0,0 +1 @@
<mxfile host="app.diagrams.net" modified="2022-03-17T04:29:48.701Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36" etag="ry8GXHVOdN1Jc8pM7tsV" version="17.1.2" type="device"><diagram id="K7JRYQhel2MMmrMd0Y0x" name="Page-1">5Vtbc9o4FP41PJKR5SuPSchltmmTWabt0jeBBbgxltcWAfbXr2TLYFnCQGIwmb606EiypHPOd25SOubtfPWQoHj2lfg47EDgrzpmvwOh53jsX05Y5wTLMHPCNAn8nGRsCYPgPyyIQFAXgY9TaSAlJKRBLBPHJIrwmEo0lCRkKQ+bkFBeNUZTrBAGYxSq1J+BT2fiWDbY0h9xMJ0VKxtA9MxRMVgQ0hnyybJEMu865m1CCM1/zVe3OOS8K/iSz7vf0bvZWIIjesiE4RQswfDmx6/o91/DawP2Hp2gK4TxhsKFOLDYLF0XHMA+Y4hokoTOyJREKLzbUm8Ssoh8zJcBrLUd80RIzIgGI/7GlK6FdNGCEkaa0XkoetWjiNOlZJGMcc3+C5VAyRTTmnHiWPwspQUEox4wmWOarNmABIeIBm+y8JHQoelm3JbN7Ifg9BFcNxSuvyyyWRFeUb5gHIfBGI0Yd9meV3FIAqrIReb6chZQPIhRxq0lg+KBHH7DCcWrWp6IXtMViiyQ7IjmcgsLo9D1WQkSxbjGuWh/ct2FB+qu1ZbuDgAcmb8Gj3MXx8/r57/tyWRccP0TM1l7rMtisqNRbSdk+7+ZkIhK7Hf+XZCio5tmDLxmAwwzXm072a8p//8bKb7DtpV/Ku/QCvUJjZgzlwSBwmAasd9jJgicMAK3H8xUhdeiYx74fi5zzDaTmbBc6jEJIprxyb7p2H2tUOsUTjFUG58vFpHcqs6AdcGV6Zq9fO7BchSfe+HbLw0hk0mKqSLozarvN2tQdQ4o4UuTCV8/i5TIguHmXnUJMzIfLdLzuANPdgeGzh8AjT/oncofOG1YJsbAZP2PmJ81hrxx5dpFu78q9/bXovV+k2Yd6DeMpk1aNvU6SdC6NEDgWkVKoSdQ1hPTssuS3jveAHZFM/IdNIo5V8Ecs1/otQ2ryK2y0DaWKun0pE75G7GSwPEsWQaXbjO9E/nL+yBhxuGSXebJlcHrWW6TyiC+0jUceUojyhGk98Pxz7fv3RUcDp+/zJ6+TH50YSuOQWt8GzP4+oPaZ4pZ63ZZwuBDFqdwxiPKo5LLClhM0HbA0lM4NsSpwiPKawInsyhccVPhblgzpQl5xbckJOy7/YhE/CuTIAyrpL1e6mj5WNCW5KMrMFga8cAGxKOFU8vx5JUJPDmmBI65J6jMWi84CRgHuGaUIs1jLZE2F9OU27SsO5chqttkCVYZ97kujilTYqYwnArmzMjYN3kyZfcVYaczFPOfPqJowOZlheJ9dmoSrHBRxW7KbgFwVYGGbetqb/DKVtHhngodXsvocKF9aeg41E9/FB3vysMcS9Yhx65cF1TGW7ZVN/7DeVgdB/dCV18gd9CcwzEapXEmWKCSLhTjdiU22cC2DHBT4/yagLfeiIJ94ZzC2zxLGiWbBCkTlUihLpTxlum2bFz13FeB8I3Qndz8U0JE06mE8J4qKvecIWJxmd2aF5R94EElx2Ndnf7gB7o641zXKHW73HnPGlacS4NXrZrai8LnGj1XrJKny1ZPdd2qZyZQ+HKxZZTdYdchOtumyqqX2l/RK85Udil8L1blEIZBnB7gQU+jm47GDGt10zuZbrqt2OFVQEtmmLWGpZ6tEeYNKQdp2XY3cg+kJgxQUYxetXSWY09MbL7Sa6gG/3vsZ4gBg0tEjtc+clrO4+UcHu67NS0gZ1wBWAYdv7Wy64HHGs3k/vraO1S9y+5b2ebBZ8qRca+amuQHUJB3bBXBgp60zua9464yAqxs7OgJbrPXv3oQqO9tPk0lvgnDpCbBBjBUy3TW6nsBKCkF/nNE0tOIROMsdDWh04nEuiRfcdgDm2aMu6ka95OkDu98YaPRFXPfKxs1FjGbLfDWcrKc35CEx2cs+po3cUf8Mdi5u2PYc1wT63nWTnLTfqICNRn77hu/tjJ22PZN2OWLZ8cjo/PIx2ylbnUJXksjn9OlJMd6LVip5VvunrygMr53Bm9lqvWEo98Vwk/yDv/gx4KyMtZAbqeX5a8KXUu+Xi6ufj/6rPB8rwrVSu11NgulbMU0Owry15pr0crFKbMcEEwCFgS1HvzIkY8FNZGPoYl8NuFQ8771Ez+Ra0Ai1aqOrZFIQ0k5a27/FDXHyPbvec27/wE=</diagram></mxfile>

BIN
images/Sync-Fire.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
images/Sync-Runtime-Bar.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
images/Sync-Runtime.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 99 KiB

BIN
images/Sync-StateSpace-Bar.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
images/Sync-StateSpace.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 98 KiB

BIN
images/Sync_Speedup.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 41 KiB

1
images/non-sync_ex Normal file
View File

@ -0,0 +1 @@
<mxfile host="app.diagrams.net" modified="2022-03-05T20:37:46.832Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36" etag="M_WsQ7zI5yW5TNglHCuS" version="16.6.6" type="device"><diagram id="ZJqofbyrsTVr7fP3P7zB" name="Page-1">7Vxdk9smFP01ftyMBALJj8nuJu20nWRmJ9PmKYNl1lIrGwXj2M6vD7LRtz9YyxZo0ydLVxcLcy7nXLjsjuD9fPOBkzT6i01pMgLOdDOCDyMAwNgF8iOzbPcW1wHKMuPxVNlKw1P8g+aOyrqKp3RZcxSMJSJO68aQLRY0FDUb4Zyt627PLKm/NSUz2jI8hSRpW/+OpyLaWwPklPbfaDyL8je7jnoyJ7mzMiwjMmXrigk+juA9Z0zsr+abe5pko5ePy77d+yNPi45xuhA6DUjy8fcJ/nz3/ht+IiH6g+D0xx2AqnNim/9iOpUDoG4ZFxGbsQVJHkvrO85WiynNvtaRd6XPn4yl0uhK479UiK1Ck6wEk6ZIzBP1lG5i8Y9qnl1/qdgfNpUHD1t1s+9l1rWjv16ZlmzFQ3riJ7t5GBE+o+KUIyhQkvFN2ZwKvpUNOU2IiL/Xe0JUnM0KvxIKeaHQeAkynklkXG1k5Pjz7Q7MNyi//VJ9Vjbb3RlFFJpENO/md5Ks1KtCwr+6Wc/jOZUfO2NGIDiRP+PdhMurWXaV+QENPyYiyr9+W5Gk8Nq0wyhJJHtm4bKOYkGfUrIb3bVk8HowqO5SLujmNEjtIVUNYE6UOf/nbLguybSgzKhCpNi51bxCtjCemjBWzyygO7M8kzMLGuVKfRUbFKJ+R0R3Td9yTrYVh5TFC7GsfPOnzFDyBfDrfAF8txEd+28sY6XoWofwMUMJRTBYHwrIRChAWA8F6KB6ftv0x+iU/21CJx/Dc5ouDZjMM31dTJbpDkc7NP45TpJ7ljC+awefg5CGobQvBWf/0cqTSYA8VEZgp6wANLICYD4rCGzJts9lBdckAKhLAGOj6m50jTqslZA2ooEJSkfQhLrjwSWHflCLnzdOAM/E0O7uE+VSOwTlJgOra67QbYkN9eTYuVCO3Vcpx551cuz5tszZISzSPc25Cbsu6bphajTFGtYiXRtRo4kZBrYkZvqztC6syEJMO2+8dFNQr6WgueYtU7KoqqP+Ilf2pNq4LaLHXqGzHj7ykgO6TA69RvsLBybq48buCTSt6WggpcaCK4pNur7ZH2kyhXckAvphCmR2071g/JcouvWIAqN6bk1prL/DALrIdM60LtsD9xosHtQ2TM76e65z0t91T/rfZkPGH9x+nrmkUTc8sZH9PA/WSy6eczrcEHC6+eMewjMf81uVdG6+h3SF5LF5bMOC7NFtD4jl2Yax/NHXzTacw0HQb4n/HAmA0yRzI41yTIbbRTUnB9dlCso4MFw00A1EM+qVHxDQDcSXql3Lv3lA90x17MX+3rgHdfRvq456Bx4ml6ujmQMPwDY9xeOhEZwpNQ36IrFOePqDyY9MYOMZPZ6ad9NsVXponOkFtnEmsoYzh1CVHuvOTWxybmJrqhLamNbXlb1uR+li2vl4WTctBEPRwmPz1LUQU7NnDfJumtVQMjANxa5tGgrb60ft8wXg//MF9oTWXat2ZD62NDnitjv3HTjiCrA0KybGQckrkudAOTq5f8kNIxdZh6PmXy9fiuPrPFoNAutwBJcLcA8H/IC2Xh6Ojl9HgD3r9Ndrnx29ao5+IDZeAdXjZj3UPI7YBhyHttYKHNtwxJr7zgek18w+8xVQQM0TcDdEQd6W/75pX2At/wsWfPwJ</diagram></mxfile>

BIN
images/non-sync_ex.drawio.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 59 KiB

BIN
images/vert_Bison-Flex.drawio.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

1311
old.bib Normal file
View File

File diff suppressed because it is too large Load Diff