Model-based Cybersecurity Analysis: Past Work and Future Directions

TL;DR

This paper reviews the evolution of graphical security models in cybersecurity, introduces hierarchical models like HARM to address scalability and complexity issues, and discusses their applications and future research directions.

Contribution

It classifies security models into graph-based, tree-based, and hybrid types, and presents the development and application of hierarchical attack representation models (HARM) for diverse domains.

Findings

HARM improves scalability and dynamicity in security analysis.

Hierarchical models are effective across IoT, Cloud, and SDN domains.

The paper identifies open problems and future research directions.

Abstract

Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software-Defined Networking, and Moving Target Defenses. We provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.