Skip to Main content Skip to Navigation
Conference papers

Securing Networks Against Unpatchable and Unknown Vulnerabilities Using Heterogeneous Hardening Options

Abstract : The administrators of a mission critical network usually have to worry about non-traditional threats, e.g., how to live with known, but unpatchable vulnerabilities, and how to improve the network’s resilience against potentially unknown vulnerabilities. To this end, network hardening is a well-knowfn preventive security solution that aims to improve network security by taking proactive actions, namely, hardening options. However, most existing network hardening approaches rely on a single hardening option, such as disabling unnecessary services, which becomes less effective when it comes to dealing with unknown and unpatchable vulnerabilities. There lacks a heterogeneous approach that can combine different hardening options in an optimal way to deal with both unknown and unpatchable vulnerabilities. In this paper, we propose such an approach by unifying multiple hardening options, such as firewall rule modification, disabling services, service diversification, and access control, under the same model. We then apply security metrics designed for evaluating network resilience against unknown and unpatchable vulnerabilities, and consequently derive optimal hardening solutions that maximize security under given cost constraints.
Document type :
Conference papers
Complete list of metadata

Cited literature [31 references]  Display  Hide  Download

https://hal.inria.fr/hal-01684351
Contributor : Hal Ifip <>
Submitted on : Monday, January 15, 2018 - 2:07:04 PM
Last modification on : Thursday, July 26, 2018 - 2:08:02 PM
Long-term archiving on: : Monday, May 7, 2018 - 12:12:10 PM

File

453481_1_En_28_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Daniel Borbor, Lingyu Wang, Sushil Jajodia, Anoop Singhal. Securing Networks Against Unpatchable and Unknown Vulnerabilities Using Heterogeneous Hardening Options. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.509-528, ⟨10.1007/978-3-319-61176-1_28⟩. ⟨hal-01684351⟩

Share

Metrics

Record views

205

Files downloads

109