Skip to Main content Skip to Navigation
Conference papers

Assessing Attack Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency Graphs

Abstract : Cyber-defense and cyber-resilience techniques sometimes fail in defeating cyber-attacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the impact of an attack towards a business-process-support enterprise network and produces a numerical score for this impact. The key idea is that all attacks are performed by exploiting vulnerabilities in the enterprise network. So the impact scores for business processes are the function result of the severity of the vulnerabilities and the relations between vulnerabilities and business processes. This paper conducts a case study systematically and the result shows the effectiveness of our method.
Document type :
Conference papers
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download

https://hal.inria.fr/hal-01954421
Contributor : Hal Ifip <>
Submitted on : Thursday, December 13, 2018 - 4:04:01 PM
Last modification on : Thursday, August 22, 2019 - 12:04:03 PM
Long-term archiving on: : Thursday, March 14, 2019 - 3:42:32 PM

File

470961_1_En_21_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Chen Cao, Lun-Pin Yuan, Anoop Singhal, Peng Liu, Xiaoyan Sun, et al.. Assessing Attack Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency Graphs. 32th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2018, Bergamo, Italy. pp.330-348, ⟨10.1007/978-3-319-95729-6_21⟩. ⟨hal-01954421⟩

Share

Metrics

Record views

106

Files downloads

15