Towards actionable mission impact assessment in the context of cloud computing

Xiaoyan Sun, Anoop Singhal, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Today’s cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission cyber resilience cannot be really achieved. However, there is an overlooked gap between mission impact assessment and cyber resilience due to the non-mission-centric nature of current research. This gap is even widened in the context of cloud computing. The gap essentially accounts for the weakest link between missions and attack-resilient systems, and also explains why the existing impact analysis is not really actionable. This paper initiates efforts to bridge this gap, by developing a novel graphical model that interconnects the mission dependency graphs and cloud-level attack graphs. Our case study shows that the new cloud-applicable model is able to bridge the gap between mission impact assessment and cyber resilience. As a result, it can significantly improve the effectiveness of cyber resilience analysis of mission critical systems.

Original languageEnglish (US)
Title of host publicationData and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings
EditorsSencun Zhu, Giovanni Livraga
PublisherSpringer Verlag
Pages259-274
Number of pages16
ISBN (Print)9783319611754
DOIs
StatePublished - Jan 1 2017
Event31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017 - Philadelphia, United States
Duration: Jul 19 2017Jul 21 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10359 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017
CountryUnited States
CityPhiladelphia
Period7/19/177/21/17

Fingerprint

Resilience
Cloud computing
Cloud Computing
Attack
Dependency Graph
Graphical Models
Industry
Interconnect
Context
Minimise
Graph in graph theory

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Sun, X., Singhal, A., & Liu, P. (2017). Towards actionable mission impact assessment in the context of cloud computing. In S. Zhu, & G. Livraga (Eds.), Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings (pp. 259-274). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10359 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-61176-1_14
Sun, Xiaoyan ; Singhal, Anoop ; Liu, Peng. / Towards actionable mission impact assessment in the context of cloud computing. Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings. editor / Sencun Zhu ; Giovanni Livraga. Springer Verlag, 2017. pp. 259-274 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{d81527ed0d92476986e57d1a418f7c35,
title = "Towards actionable mission impact assessment in the context of cloud computing",
abstract = "Today’s cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission cyber resilience cannot be really achieved. However, there is an overlooked gap between mission impact assessment and cyber resilience due to the non-mission-centric nature of current research. This gap is even widened in the context of cloud computing. The gap essentially accounts for the weakest link between missions and attack-resilient systems, and also explains why the existing impact analysis is not really actionable. This paper initiates efforts to bridge this gap, by developing a novel graphical model that interconnects the mission dependency graphs and cloud-level attack graphs. Our case study shows that the new cloud-applicable model is able to bridge the gap between mission impact assessment and cyber resilience. As a result, it can significantly improve the effectiveness of cyber resilience analysis of mission critical systems.",
author = "Xiaoyan Sun and Anoop Singhal and Peng Liu",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-319-61176-1_14",
language = "English (US)",
isbn = "9783319611754",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "259--274",
editor = "Sencun Zhu and Giovanni Livraga",
booktitle = "Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings",
address = "Germany",

}

Sun, X, Singhal, A & Liu, P 2017, Towards actionable mission impact assessment in the context of cloud computing. in S Zhu & G Livraga (eds), Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10359 LNCS, Springer Verlag, pp. 259-274, 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017, Philadelphia, United States, 7/19/17. https://doi.org/10.1007/978-3-319-61176-1_14

Towards actionable mission impact assessment in the context of cloud computing. / Sun, Xiaoyan; Singhal, Anoop; Liu, Peng.

Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings. ed. / Sencun Zhu; Giovanni Livraga. Springer Verlag, 2017. p. 259-274 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10359 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Towards actionable mission impact assessment in the context of cloud computing

AU - Sun, Xiaoyan

AU - Singhal, Anoop

AU - Liu, Peng

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Today’s cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission cyber resilience cannot be really achieved. However, there is an overlooked gap between mission impact assessment and cyber resilience due to the non-mission-centric nature of current research. This gap is even widened in the context of cloud computing. The gap essentially accounts for the weakest link between missions and attack-resilient systems, and also explains why the existing impact analysis is not really actionable. This paper initiates efforts to bridge this gap, by developing a novel graphical model that interconnects the mission dependency graphs and cloud-level attack graphs. Our case study shows that the new cloud-applicable model is able to bridge the gap between mission impact assessment and cyber resilience. As a result, it can significantly improve the effectiveness of cyber resilience analysis of mission critical systems.

AB - Today’s cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission cyber resilience cannot be really achieved. However, there is an overlooked gap between mission impact assessment and cyber resilience due to the non-mission-centric nature of current research. This gap is even widened in the context of cloud computing. The gap essentially accounts for the weakest link between missions and attack-resilient systems, and also explains why the existing impact analysis is not really actionable. This paper initiates efforts to bridge this gap, by developing a novel graphical model that interconnects the mission dependency graphs and cloud-level attack graphs. Our case study shows that the new cloud-applicable model is able to bridge the gap between mission impact assessment and cyber resilience. As a result, it can significantly improve the effectiveness of cyber resilience analysis of mission critical systems.

UR - http://www.scopus.com/inward/record.url?scp=85021963780&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85021963780&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-61176-1_14

DO - 10.1007/978-3-319-61176-1_14

M3 - Conference contribution

AN - SCOPUS:85021963780

SN - 9783319611754

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 259

EP - 274

BT - Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings

A2 - Zhu, Sencun

A2 - Livraga, Giovanni

PB - Springer Verlag

ER -

Sun X, Singhal A, Liu P. Towards actionable mission impact assessment in the context of cloud computing. In Zhu S, Livraga G, editors, Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings. Springer Verlag. 2017. p. 259-274. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-61176-1_14