%0 Conference Proceedings
%T A Layered Graphical Model for Cloud Forensic Mission Attack Impact Analysis
%+ George Mason University [Fairfax]
%+ National Institute of Standards and Technology [Gaithersburg] (NIST)
%A Liu, Changwei
%A Singhal, Anoop
%A Wijesekera, Duminda
%Z Part 4: Cloud Forensics
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 14th IFIP International Conference on Digital Forensics (DigitalForensics)
%C New Delhi, India
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XIV
%V AICT-532
%P 263-289
%8 2018-01-03
%D 2018
%R 10.1007/978-3-319-99277-8_15
%K Mission attack impact
%K cloud forensic analysis
%K layered graphical model
%Z Computer Science [cs]Conference papers
%X Cyber attacks on the systems that support an enterprise’s mission can significantly impact its objectives. This chapter describes a layered graphical model designed to support forensic investigations by quantifying the mission impacts of cyber attacks. The model has three layers: (i) an upper layer that models operational tasks and their interdependencies that fulfill mission objectives; (ii) a middle layer that reconstructs attack scenarios based on the interrelationships of the available evidence; and (iii) a lower level that uses system calls executed in upper layer tasks in order to reconstruct missing attack steps when evidence is missing. The graphs constructed from the three layers are employed to compute the impacts of attacks on enterprise missions. The National Vulnerability Database – Common Vulnerability Scoring System scores and forensic investigator estimates are used to compute the mission impacts. A case study is presented to demonstrate the utility of the graphical model.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01988841/document
%2 https://inria.hal.science/hal-01988841/file/472401_1_En_15_Chapter.pdf
%L hal-01988841
%U https://inria.hal.science/hal-01988841
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-532