Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software-Defined Networking, and Moving Target Defenses. We provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.
翻译:在网络安全分析中,攻击图(AGs)和攻击树(ATs)是早期开发的图形安全模型,但它们有局限性(例如可缩放问题、州空间爆炸问题等),缺乏捕捉其他安全特征(例如反措施)的能力。为了解决这些局限性和应对各种安全特征,开发了一个称为攻击反措施树(ACT)的图形安全模型,以进行安全分析,同时考虑到攻击和对策。在我们的研究中,我们开发了等级化图形安全模型的不同变体,以解决系统安全分析中涉及的安全模型的复杂性、动态性和可缩放性问题。在本文件中,我们将安全模型归纳并分类如下:基于图表的、基于树木的和混合的安全模型。我们讨论了一个等级攻击代表模型(HARM)的开发问题,以及《HARM》的不同变体、其应用情况,以及在各种领域,包括互联网、克劳德、软件定义的网络联网和移动目标的网络的可扩缩性问题。我们提出了安全模型的分类,并提出了目前的安全定义和选择领域,我们提出了其安全定义和最终防御领域的结果。