A Simulation-Driven Approach for Assessing Risks of Complex Systems

The most critical steps in the risk assessment of a system are the discovery of attacks against the system as well as the computation of the probabilities that attacks are successful and their impacts. We present a framework to support these steps driven by a detailed simulation of the attacks implemented by intelligent threat agents. The framework can evaluate the role of factors such as the probability of discovering a vulnerability, the resources available to agents, how an agent composes attacks into plans to reach a goal. The agents and their plans are described through a proper extension of attack graphs. A simulation defined in terms of attack graphs can fully exploit an important feature of these graphs, namely their ability of describing both attack plans and the countermeasures to stop these plans. Furthermore, a simulation-driven approach can evaluate how the availability of information about the system implementation influences the success of attack plans. Finally, we describe the tools that implement the simulation and that produce statistics about both attack plans that have been successfully implemented and the resulting risk for the system owner.