Using Monte-Carlo Simulations to Analyze Uncertainty in Computer Security Investments, Mitigations and Vulnerabilities

Presenter: Jim Conrad, UI

Abstract:

Models facilitate the analysis of secured real-world computing systems and networks. They are especially useful for quantifying an organisation's risk of attack, its exposure to damage, and the opportunities for mitigating vulnerabilities. When used to forecast the outcome of attacks, models can be invaluable for supporting business decisions about whether, where or how much to invest in mitigations. When the resources available for mitigations are constrained and an organisation must accept some risk, models offer an attractive tool for identifying optimal investment opportunities. However, models often rely upon expert estimates for some or all of their parameters, and these parameter estimates introduce uncertainty into the model's forecast. This research presents four investigations introducing Monte-Carlo techniques for analyzing uncertainty in computer security models, including a simple system-level financial model for information security investments, the system-level Risk Analysis and Probabilistic Survivability Assessment (RAPSA) model, Conte de Leon's attack graph, and the Take-Grant Protection System. The Monte-Carlo enhanced security models express uncertainty with probability distributions of the security modeling parameters and disclose its impact on their resulting forecasts. The advantages of the Monte-Carlo approach include minimal modifications to the existing security models. The Monte-Carlo approach becomes particularly useful with the Take-Grant Protection System, where it can model some aspects of social behavior such as the possibility of a trusted subject granting unauthorized access to an object. The Monte-Carlo approach expresses uncertainty about a computer security model's parameter with a probability distribution that itself has one or more configuration parameters whose epistemic uncertainty may be expressed with additional probability distributions, and so on. This potentially long chain of uncertainty calls for an alternative approach.
The fifth and final investigation presents evidence for a Self-Organized Criticality (SOC) paradigm underlying the complex dynamics of malware attacks on the Internet. A self-organized critical system autonomously develops a structure or pattern independent of any controlling input parameters by evolving to a configuration near a critical point. The SOC paradigm is interesting because it offers relative freedom from tuning parameters in a simulation, rather than requiring an estimate of their uncertainty.
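To make concrete what "expressing uncertainty with probability distributions of the modeling parameters" means for the first of the four investigations (the simple financial model for a security investment), the following is an added example, not code from the talk or from the presenter. It assumes an annual-loss-expectancy model (net benefit = probability of attack × loss × mitigation effectiveness, minus mitigation cost), and all parameter values, distribution shapes and the `hyper` option are constructed assumptions. The `hyper=True` path also illustrates the "chain of uncertainty" the abstract describes: the mean of the attack-probability distribution is itself drawn from a second distribution.

```python
import math
import random
import statistics

# Added example (not from the talk): a Monte-Carlo treatment of a simple
# annual-loss-expectancy (ALE) model for one security investment decision.
# All parameter values and distribution choices below are constructed
# assumptions chosen for illustration.

# Expert "best guess" point estimates (assumed values).
P_ATTACK = 0.4        # annual probability of a successful attack
LOSS = 200_000.0      # loss (currency units) given a successful attack
EFFECTIVENESS = 0.7   # fraction of attacks the mitigation prevents


def net_benefit(p_attack, loss, effectiveness, cost):
    """Expected annual loss avoided by the mitigation, minus its annual cost."""
    ale_reduction = p_attack * loss * effectiveness
    return ale_reduction - cost


def point_estimate(cost):
    """The deterministic forecast: plug the point estimates straight in."""
    return net_benefit(P_ATTACK, LOSS, EFFECTIVENESS, cost)


def sample_parameters(rng, hyper=False):
    """Draw one parameter set from distributions expressing expert uncertainty.

    With hyper=True the mean of the attack-probability distribution is itself
    uncertain (drawn from a second, assumed distribution), showing how one
    distribution's configuration parameter can carry its own uncertainty.
    """
    mean_p = P_ATTACK
    if hyper:
        mean_p = rng.uniform(0.3, 0.5)   # assumed second-order uncertainty
    # Beta distribution with the chosen mean and a fixed "confidence" of
    # 10 pseudo-observations (assumed).
    conc = 10.0
    p_attack = rng.betavariate(mean_p * conc, (1 - mean_p) * conc)
    # Loss is right-skewed: log-normal with median LOSS and log-sd 0.5 (assumed).
    loss = rng.lognormvariate(math.log(LOSS), 0.5)
    # Effectiveness somewhere between 50% and 90%, no preference within the range.
    effectiveness = rng.uniform(0.5, 0.9)
    return p_attack, loss, effectiveness


def simulate(cost, trials=20_000, seed=1, hyper=False):
    """Run the model many times and summarise the distribution of net benefit."""
    rng = random.Random(seed)   # fixed seed so results are reproducible
    results = sorted(
        net_benefit(*sample_parameters(rng, hyper), cost) for _ in range(trials)
    )
    return {
        "mean": statistics.fmean(results),
        "p05": results[int(0.05 * trials)],
        "p50": results[trials // 2],
        "p95": results[int(0.95 * trials)],
        "prob_loss": sum(1 for r in results if r < 0) / trials,
    }


if __name__ == "__main__":
    cost = 50_000.0
    print(f"Point estimate of net benefit: {point_estimate(cost):,.0f}")
    for label, hyper in (("first-order", False), ("with hyperparameter uncertainty", True)):
        s = simulate(cost, hyper=hyper)
        print(f"{label}: mean {s['mean']:,.0f}, 5%-95% range "
              f"{s['p05']:,.0f} .. {s['p95']:,.0f}, P(net loss) = {s['prob_loss']:.2f}")
```

The point estimate answers only "is the investment worth it on the best guess"; the simulated distribution additionally reports how likely the investment is to lose money and how wide the plausible range of outcomes is, which is the information a decision maker under constrained resources needs. Note that the model itself is untouched: the only change is that its inputs are sampled rather than fixed, which is the "minimal modifications" property the abstract highlights.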