Information Technology Reference
In-Depth Information
t−
1
k
1
Pa
(
na
)
Pa
(
na
)
2
−
≈
Pa
(
na
))
k
(1
−
k
=1
By applying this approximation, we have that
−
Pa
(
na
)
Pa
(
na
)
2
1
P
(
na
)))
t−
1
Aver
(
Svw
(
k
|
t, na, nd
))
≈
((1
−
P
(
nd
))
·
(1
−
·
Pa
(
na
)
·
Pd
(
nd
)
·
Lastly, we exploit again (1) to replace the values of the probabilities that
an attacker or a defender finds a vulnerability as well as the approximation
(1
q
)
n
−
≈
(1
−
nq
). In this way, the formula for
Aver
(
Svw
(
k
|
t, na, nd
)) may be
simplified as following
nd
na
≈
nd
na
·
Aver
(
Svw
(
k
|
t, na, nd
))
≈
(
nd
·
(
t
−
1) +
na
·
t
)
·
(
nd
+
na
)
·
t
Lastly, by exploiting the previous approximation, we have that
Aver
(
I
(
na, nd, t
)) =
Uloss
A
·
(
nd
+
na
)
·
nd
·
t
2.4
Generalization of the Model
This section generalizes the 0-delay model by removing some of the constraints
previously introduced.
At first, we consider the interval of time between discovering the vulnera-
bility and patching of the infrastructure. In most cases, the time to produce
and validate the patch or to update some components will be larger than zero.
The associated delay increases with the number of the infrastructure compo-
nents to be corrected. Consider, as an example, the vulnerabilities in the WEP
authentication scheme. Hence, the delay DP between the discovery of the vul-
nerability and the complete patching of the infrastructure may be fairly larger
than zero. We assume that DP is not fixed but that it does not depend upon
other parameters of the model. Let
M
DP
be an upper bound on DP.
To take DP into account, we update the definition of the vulnerability window
and properly increase its size. Hence, if the defenders discover the vulnerability
at
td
and the infrastructure is patched at
td
+
M
DP
then
vw
=
td
ta
+
M
DP
.
Obviously, the average value of the new delay can be computed by adding
M
DP
to the previous one. Furthermore, any delay DA between the discovery of V and
the execution of the attacks exploiting V can be handled in the same way. If
M
DA
is the upper bound on the time to discover an attack, in the most general
case, we have that
−
vw
=
td
−
ta
+
M
DP
−
M
DA
=
td
−
ta
−
(
M
DA
−
M
DP
)
To compute the corresponding average loss, we consider that now the prob-
ability of a window with a size equal to
td
−
ta
−
(
M
DA
−
M
DP
)isthethesame
of a window with a size (
td
−
ta
) in the 0-delay model.
