CRUSOE: Data Model for Cyber Situation Awareness

Varování

Publikace nespadá pod Ekonomicko-správní fakultu, ale pod Ústav výpočetní techniky. Oficiální stránka publikace je na webu muni.cz.
Autoři

KOMÁRKOVÁ Jana HUSÁK Martin LAŠTOVIČKA Martin TOVARŇÁK Daniel

Rok publikování 2018
Druh Článek ve sborníku
Konference Proceedings of the 13th International Conference on Availability, Reliability and Security
Fakulta / Pracoviště MU

Ústav výpočetní techniky

Citace
www http://doi.acm.org/10.1145/3230833.3232798
Doi http://dx.doi.org/10.1145/3230833.3232798
Klíčová slova situational awareness; data model; attack graph; impact assessment; vulnerability management
Přiložené soubory
Popis Attaining and keeping cyber situational awareness is crucial for the proper incident response, especially in critical infrastructures. Incident handlers need to process heterogeneous data, such as network topology and organisation's missions and objectives, to effectively mitigate the threats. The development of tools for attaining cyber situational awareness often faces the problem of effectively obtaining, correlating, and storing such heterogeneous data. In this paper, we present CRUSOE, an extensible layered data model for attaining and keeping information on cyber situational awareness. We conducted interviews with incident handlers from several security teams and evaluated existing requirements on cyber situational awareness to formalise the requirements on the proposed data model so that can be used in today's common network settings. The CRUSOE data model keeps track of missions, systems, networks, hosts, threats, detection and response capabilities, and access control in a network of an organisation. It is also designed to be filled primarily with the data that can be obtained in a semi- or fully-automated fashion in today's common network environments.
Související projekty:

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.