Published: September 24, 2014
Author(s)
Xiaoyan Sun (Penn State University), Jun Dai (Penn State University), Anoop Singhal (NIST), Peng Liu (Penn State University)
Conference
Name: 10th International Conference on Security and Privacy in Communication Networks (SecureComm 2014)
Dates: 09/24/2014 - 09/26/2014
Location: Beijing, China
Citation: International Conference on Security and Privacy in Communication Networks, vol. 152, pp. 3-23
Enterprise networks are migrating to the public cloud to acquire computing resources for promising benefits in terms of efficiency, expense, and flexibility. Except for some public services, the enterprise network islands in cloud are expected to be absolutely isolated from each other. However, some “stealthy bridges” may be created to break such isolation due to two features of the public cloud: virtual machine image sharing and virtual machine co-residency. This paper proposes to use cross-layer Bayesian networks to infer the stealthy bridges existing between enterprise network islands. Prior to constructing cross-layer Bayesian networks, cloud-level attack graphs are built to capture the potential attacks enabled by stealthy bridges and reveal hidden possible attack paths. The result of the experiment justifies the cross-layer Bayesian network’s capability of inferring the existence of stealthy bridges given supporting evidence from other intrusion steps in a multi-step attack.
Enterprise networks are migrating to the public cloud to acquire computing resources for promising benefits in terms of efficiency, expense, and flexibility. Except for some public services, the enterprise network islands in cloud are expected to be absolutely isolated from each other. However, some...
See full abstract
Enterprise networks are migrating to the public cloud to acquire computing resources for promising benefits in terms of efficiency, expense, and flexibility. Except for some public services, the enterprise network islands in cloud are expected to be absolutely isolated from each other. However, some “stealthy bridges” may be created to break such isolation due to two features of the public cloud: virtual machine image sharing and virtual machine co-residency. This paper proposes to use cross-layer Bayesian networks to infer the stealthy bridges existing between enterprise network islands. Prior to constructing cross-layer Bayesian networks, cloud-level attack graphs are built to capture the potential attacks enabled by stealthy bridges and reveal hidden possible attack paths. The result of the experiment justifies the cross-layer Bayesian network’s capability of inferring the existence of stealthy bridges given supporting evidence from other intrusion steps in a multi-step attack.
Hide full abstract
Keywords
Attack Graph; Bayesian network; cloud; stealthy bridge
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
