Modern networked systems are large and heterogeneous, and employ a variety of access control mechanisms that are the first line of defense against cyber-attack. The problem we address is that of estimating the degree to which the actual security posture given by the configurations of these diverse mechanisms complies with machine checkable global policy, when (1) the system is too large to admit to an exhaustive analysis, and (2) we consider the possibility of intruders creating connections through compromised hosts set up as stepping stones. The foundational science we develop is application of the statistical method of importance sampling to the problem of statistically estimating metrics that quantify a system’s compliance with global policy, and to find the hosts that, if compromised, have the largest negative impact on accessibility compliance, under those two assumptions. The results of our research will quickly be included with an existing tool we’ve developed that exhaustively validates compliance. This will transition the technology into practice; furthermore, the insights we gain will have application in other security domains where the challenge is to estimate the number of rare but disastrous states in combinatorially huge state spaces. (David Nicol, PI; Sanders, co-PI)
This project is being conducted within the Science of Security Lablet.
(funded by the U.S. National Security Agency (NSA))