We use proprietary and third party's cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Remediation - FIWARE Forge Wiki

Remediation

From FIWARE Forge Wiki

Jump to: navigation, search

Contents

Brief Description

The decision making support provides tools to security operators for proposing cost-sensitive remediations to attack paths.


Remediation is aimed at users who want to either:

  • Show attack paths to a security operator
  • Ordered attack paths by their scores
  • Apply a cost function to compute an estimate cost of each list


For all of these actions the user will follow a similar pattern of : 1. Extracting the necessary information from the attack path to be corrected. 2. Then, it computes several lists of remediations that could reduce / cut this attack path. 3. It estimates the cost of each list of remediations and proposes all the lists of remediations, ordered by cost, to security operators. Operators can choose one remediation list and, thanks to the remediation validation, check whether or not the system is more secure after the application of this remediation.


Programming artifacts

Methods offered to administrators

  • Receive the attack paths to be reduced.
  • Send back the remediations selected by security operators to the Attack Path Engine, that allows to validate this remediation.
  • Get the network topology
  • Apply some of the remediations selected and validated by security operators
  • Select attack path to correct, browse remediations and there estimated cost, select a list of remediations to deploy and, when necessary, to validate this list.


Technologies Used

The following assets areused to implement the Remediation:

  • Scored Attack Paths,
  • MulVAL Attack Graphs Engine
  • Topological Data Extraction,
  • Visualisation Framework

Runtime Pre-requisites

Scored Attack Paths is specified to retrieve data from Scored Attack Paths, and the impact metrics from the Model Repository.

IPR

There are no patents relating to this asset. However, it is the property of Thales France. The product will be licensed under FRAND (Fair Reasonable and Non-Discriminatory) terms according to the pre-requisites of the FI-PPP program.

Publicly available documentation

  • FP7 PoSecCo project (http://www.posecco.eu/). The main reference report for this asset is WD4.5 Autonomous assessment and remediation.
Personal tools
Create a book