Security tool to help predict, prevent cyber attacks
Katie Carr, Coordinated Science Laboratory
- ECE Interim Department Head William Sanders and ITI Senior Software Engineer Ken Keefe have been awarded a one-year, $950,000 contract from the Department of Homeland Security to further develop a simplified method for cyber security metrics modeling.
- Their research will be built on a previously developed method, ADversary VIew Security Evaluation (ADVISE).
- They plan to make the tool more widely accessible to a broader range of users and to demonstrate its use in several critical infrastructure sectors.
When designing, operating, and maintaining complex cyber security systems for large companies, it is challenging to make sound security decisions that will keep the companies safe from attackers.
Their research will be built on a previously developed method, ADversary VIew Security Evaluation (ADVISE), which has been implemented into the prototype tool Möbius-SE (Mobius Security Edition) and is used by security modeling experts and scientists. Möbius-SE is a modeling and solution tool, which quantifies system security by considering both the vulnerabilities in the system represented by an attack execution graph and the ability and inclination of attackers to exploit those vulnerabilities represented by an adversary profile. Companies can use the tool to simulate potential attacks on their system to find out where they are most vulnerable.
While some computer security experts are already using Möbius-SE, Sanders and Keefe are working to develop a simplified ADVISE modeling method that will attract more users in the computer security field. The goal of this project is to make the tool more widely accessible to a broader range of users and to demonstrate its use in several critical infrastructure sectors.
“ADVISE is useful to companies because it can help them make decisions on how they want to design future security systems or how to spend money to make changes to existing systems,” Keefe said. “ADVISE will give you a relative measure of overall system security and, if you do have attackers, it will give you an idea of the common ways attackers are getting into your system.”
“The program was a little too difficult to dig into if a company wants to use the model themselves,” Keefe said. “We want to build a layer on top of it to allow just domain experts to be able to snap together different systems they want to study and have a generator that builds the attack execution graph and then the user can choose from a library of existing attacks.”
Sanders and Keefe originally developed ADVISE to offer a very rich set of options and features and those features will still be available for users that want more control over their setup.
The pair will be working with Cyber Defense Agency, Inc. to help build the adversary library, as the company has previously developed a method that looks at different types of adversaries and how they attack different systems. To test the system, GE Global Research will apply it to their electric power distribution and water treatment supplies and provide feedback on the usability. Sanders and Keefe hope to make Möbius-SE available for commercial use as soon as possible.
“Cyber security is becoming more important every day,” Keefe said. “This would be one of the few tools of its kind available and the only commercially viable tool that would allow you to study these types of attacks and how it affects a system in a general enough way that most people could use it. Almost any company of significant size would have use for it because they all have a target on their back from different kinds of attacks.”
Sanders is also a professor at the Coordinated Science Laboratory.