be applied to vulnerabilities of these components only. Notice that the two assumptions jointly imply that, in principle, there is no bound on the impact of a successful attack because this impact is proportional to the size of the vulnerability window but this size is unbounded if the defenders do not remove a vulnerability discovered by an attacker.
2.2 The 0-Delay Model
Here and in the following, the terms impact of attacks and loss in the infrastructure revenue are considered as synonymous and will be freely interchanged. The 0-delay model makes it possible to compute I(na, nd), the impact of an attack as a function of na and nd, the numbers of attackers and of defenders. I(na, nd) is positive if and only if the size of the vulnerability window is positive and it is proportional both to this size and to the number of successful attacks. This is summed up in the relation:
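$$
I(na, nd) =
\begin{cases}
\mathit{ns}_A \cdot \mathit{Uloss}_A \cdot (\mathit{td}(nd) - \mathit{ta}(na)) & \text{if } \mathit{td}(nd) - \mathit{ta}(na) \geq 0 \\
0 & \text{if } 0 \geq \mathit{td}(nd) - \mathit{ta}(na)
\end{cases}
$$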
where:
- ta(na) is the time when one of the na attackers discovers both V and A, the attack enabled by V;
- td(nd) is the time when one of the nd defenders finds V and patches the infrastructure;
- td(nd) - ta(na) is the size of the vulnerability window;
- ns_A is the number of instances of A that are successfully executed. ns_A is always larger than na, that is ns_A = ψ · na, ψ ≥ 1. In turn, ψ is a decreasing function of the resources and the skills to execute A and it reaches its maximum if A can be fully automated by proper programming tools [29];
- Uloss_A is the loss in the infrastructure revenue per unit of time due to each attack that is an instance of A.
The 0-delay model assumes that ns_A · Uloss_A is a constant. If Aver(R) denotes the average value of the random variable R, then

$$
\mathit{Aver}(I(na, nd)) = \mathit{ns}_A \cdot \mathit{Uloss}_A \cdot \mathit{Aver}(\mathit{td}(nd) - \mathit{ta}(na))
$$
In the following, we drop the dependency on the number of attackers or of defenders from both ta(na) and td(nd) and replace td(nd) - ta(na) by either td - ta or simply by vw. We are interested in the positive values of vw because these are the only cases where A is successfully executed. Instead, whenever vw < 0 there is no loss.
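The following Python code is an added example, not part of the original text. It evaluates I(na, nd) and Aver(I(na, nd)) under an assumed discovery process: each attacker or defender independently finds V at each discrete time step with fixed probability pa or pd, and ta and td are independent. The function names, these distributions and the truncation horizon are assumptions made for illustration.

```python
# Added example. The geometric discovery-time assumption, the per-step
# probabilities pa/pd and the horizon are illustrative, not from the source.

def impact(ns_a, uloss_a, ta, td):
    """I(na, nd): proportional to the window vw = td - ta, zero otherwise."""
    vw = td - ta
    return ns_a * uloss_a * vw if vw > 0 else 0.0

def first_discovery_pmf(n, p, horizon):
    """P(the first of n independent searchers finds V at step t), t = 1..horizon.
    Assumption: each searcher finds V at each step with probability p."""
    q = (1 - p) ** n                      # nobody finds V during one step
    return [q ** (t - 1) * (1 - q) for t in range(1, horizon + 1)]

def window_pmf(na, nd, pa, pd, horizon):
    """P(vw = i > 0 | na, nd), assuming ta and td are independent."""
    attackers = first_discovery_pmf(na, pa, horizon)
    defenders = first_discovery_pmf(nd, pd, horizon)
    pmf = {}
    for ta, p_ta in enumerate(attackers, start=1):
        for td, p_td in enumerate(defenders, start=1):
            if td > ta:                   # only positive windows cause a loss
                pmf[td - ta] = pmf.get(td - ta, 0.0) + p_ta * p_td
    return pmf

def average_impact(na, nd, pa, pd, psi, uloss_a, horizon=400):
    """Aver(I) = ns_A * Uloss_A * sum over i > 0 of i * P(vw = i | na, nd).
    The infinite sums are truncated at `horizon` steps."""
    ns_a = psi * na                       # ns_A = psi * na with psi >= 1
    pmf = window_pmf(na, nd, pa, pd, horizon)
    aver_vw = sum(i * p for i, p in pmf.items())
    return ns_a * uloss_a * aver_vw

if __name__ == "__main__":
    # Constructed parameters: loss per unit of time 100, psi = 2.
    for na, nd in [(1, 1), (1, 4), (4, 1), (4, 4)]:
        loss = average_impact(na, nd, pa=0.05, pd=0.05, psi=2, uloss_a=100.0)
        print(f"na={na} nd={nd} Aver(I)={loss:.1f}")
```

Under these assumptions, adding defenders shrinks the expected positive window, while adding attackers both lengthens it and raises ns_A.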
Aver(vw), the average size of the vulnerability window, depends upon P(vw = i > 0 | na, nd), the probability that vw = i if there are na attackers and nd defenders. This probability is a function of both Pd(nd, t) and Pa(na, t) the