Information Technology Reference
In-Depth Information
The previous discussion shows that the framework of the 0-delay model can
handle constant delays both in the patching and in the attack, provided that all
the attacks are executed simultaneously. Hence,
constant delay
may be a more
appropriate name for the model.
Let us consider now the constraint on the simultaneous execution of attacks.
As already mentioned, this is a worst case for the defenders because any delay in
the execution of attacks reduces the loss. By relieving this constraint, the overall
number of attacks does not change but attacks may occur at distinct times. As
an example, at each interval, someone could implement
Att
and then inform
i
other people so that the number of attacks at
t
is
i
times that at
t −
1. If V has
been discovered at
ta
and
Natt(t)
denotes the overall number of attacks executed
at
t, t > ta
we have that
NAtt
(
t
)=
i
t−ta
+1
i
1
In the most general case, if
fa(t)
is the number of attacks executed at
t, t > ta
−
t−ta
NAtt
(
t
)=
fa·
(
ta
+
tv
)
tv
=0
δaa
, the size of the interval to execute all the attacks, satisfies the following
NAtt
(
δaa
+
ta
)=
ns
A
To compute the loss, we notice that two cases have to be considered if
vw>0
:
1.
td > ta
+
δaa
, if the defender discovers V after all the attacks have been
executed,
2.
ta
+
δaa > td
, if the defender discovers V before all the attacks have been
executed.
In case 1), the overall loss results from the sum of two components. The first
one is the loss due to attacks in in the interval (
ta+δaa, td
)thatisequalto
Uloss
A
·
ns
A
·
(
td
−
ta
−
δaa
)
The other component is the loss in the interval (
ta, ta+stca
)thatisequalto
δaa
Uloss
A
·
fa
(
t
)
·
(
δaa
−
t
)
t
=0
because it is proportional to (
δaa-t
).
In case 2), the overall loss is
td
−
ta
Uloss
A
·
fa
(
t
)
·
(
td
−
ta
−
t
)
t
=0
This shows that, as in the 0-delay model, we can pair each size of the vulnerability
window with a loss. Then, the average impact can be computed if we take into
account that the probability of a loss is the same of the size of the window.
