A Graphical Model to Assess the Impact of Multi-Step Attacks

In the last several decades, networked systems have grown in complexity and sophistication, introducing complex interdependencies amongst their numerous and diverse components. Attackers can leverage such interdependencies to penetrate seemingly well-guarded networks through sophisticated multi-step attacks. Research has shown that explicit and implicit interdependencies exist at various layers of the hardware and software architecture. In particular, dependencies between vulnerabilities and dependencies between applications and services are critical for assessing the impact of multi-step attacks. These two classes of interdependencies have been traditionally studied using attack and dependency graphs respectively. Although significant work has been done in the area of both attack and dependency graphs, we demonstrate that neither of these models can provide an accurate assessment of an attack's impact, when used in isolation. To address this limitation, we take a mission-centric approach and present a solution to integrate these two powerful models into a unified framework that enables us to accurately assess the impact of multi-step attacks and identify high-impact attack paths within a network. This analysis can ultimately generate effective hardening recommendations, and can be seen as one phase of a continuous process that iteratively cycles through impact analysis and vulnerability remediation stages.