CRUSOE: Data Model for Cyber Situation Awareness

D 2018

CRUSOE: Data Model for Cyber Situation Awareness

KOMÁRKOVÁ, Jana; Martin HUSÁK; Martin LAŠTOVIČKA a Daniel TOVARŇÁK

Základní údaje

Originální název

CRUSOE: Data Model for Cyber Situation Awareness

Autoři

KOMÁRKOVÁ, Jana; Martin HUSÁK ; Martin LAŠTOVIČKA a Daniel TOVARŇÁK

Vydání

Hamburg, Proceedings of the 13th International Conference on Availability, Reliability and Security, od s. "36:1"-"36:10", 10 s. 2018

Nakladatel

ACM

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10200 1.2 Computer and information sciences

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14610/18:00106889

Organizační jednotka

Ústav výpočetní techniky

ISBN

978-1-4503-6448-5

Klíčová slova anglicky

situational awareness; data model; attack graph; impact assessment; vulnerability management

Štítky

rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 28. 4. 2020 14:55, Mgr. Alena Mokrá

Anotace

V originále

Attaining and keeping cyber situational awareness is crucial for the proper incident response, especially in critical infrastructures. Incident handlers need to process heterogeneous data, such as network topology and organisation's missions and objectives, to effectively mitigate the threats. The development of tools for attaining cyber situational awareness often faces the problem of effectively obtaining, correlating, and storing such heterogeneous data. In this paper, we present CRUSOE, an extensible layered data model for attaining and keeping information on cyber situational awareness. We conducted interviews with incident handlers from several security teams and evaluated existing requirements on cyber situational awareness to formalise the requirements on the proposed data model so that can be used in today's common network settings. The CRUSOE data model keeps track of missions, systems, networks, hosts, threats, detection and response capabilities, and access control in a network of an organisation. It is also designed to be filled primarily with the data that can be obtained in a semi- or fully-automated fashion in today's common network environments.

Návaznosti

VI20172020070, projekt VaV

Název: Výzkum nástrojů pro hodnocení kybernetické situace a podporu rozhodování CSIRT týmů při ochraně kritické infrastruktury (Akronym: CRUSOE)

Investor: Ministerstvo vnitra ČR, Výzkum nástrojů pro hodnocení kybernetické situace a podporu rozhodování CSIRT týmů při ochraně kritické infrastruktury

Přiložené soubory

2018-WCTI-crusoe-data-model-slides.pdf

2018-WCTI-crusoe-data-model-paper.pdf Verze souboru

Citovat

KOMÁRKOVÁ, Jana; Martin HUSÁK; Martin LAŠTOVIČKA a Daniel TOVARŇÁK. CRUSOE: Data Model for Cyber Situation Awareness. Online. In Proceedings of the 13th International Conference on Availability, Reliability and Security. Hamburg: ACM, 2018, s. "36:1"-"36:10", 10 s. ISBN 978-1-4503-6448-5. Dostupné z: https://doi.org/10.1145/3230833.3232798.

@inproceedings{1420615,
   author = {Komárková, Jana and Husák, Martin and Laštovička, Martin and Tovarňák, Daniel},
   address = {Hamburg},
   booktitle = {Proceedings of the 13th International Conference on Availability, Reliability and Security},
   doi = {https://doi.org/10.1145/3230833.3232798},
   keywords = {situational awareness; data model; attack graph; impact assessment; vulnerability management},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Hamburg},
   isbn = {978-1-4503-6448-5},
   pages = {"36:1"-"36:10"},
   publisher = {ACM},
   title = {CRUSOE: Data Model for Cyber Situation Awareness},
   url = {http://doi.acm.org/10.1145/3230833.3232798},
   year = {2018}
}

TY  - CONF
ID  - 1420615
AU  - Komárková, Jana - Husák, Martin - Laštovička, Martin - Tovarňák, Daniel
PY  - 2018
TI  - CRUSOE: Data Model for Cyber Situation Awareness
PB  - ACM
CY  - Hamburg
SN  - 9781450364485
KW  - situational awareness
KW  - data model
KW  - attack graph
KW  - impact assessment
KW  - vulnerability management
UR  - http://doi.acm.org/10.1145/3230833.3232798
N2  - Attaining and keeping cyber situational awareness is crucial for the proper incident response, especially in critical infrastructures. Incident handlers need to process heterogeneous data, such as network topology and organisation's missions and objectives, to effectively mitigate the threats. The development of tools for attaining cyber situational awareness often faces the problem of effectively obtaining, correlating, and storing such heterogeneous data. In this paper, we present CRUSOE, an extensible layered data model for attaining and keeping information on cyber situational awareness. We conducted interviews with incident handlers from several security teams and evaluated existing requirements on cyber situational awareness to formalise the requirements on the proposed data model so that can be used in today's common network settings. The CRUSOE data model keeps track of missions, systems, networks, hosts, threats, detection and response capabilities, and access control in a network of an organisation. It is also designed to be filled primarily with the data that can be obtained in a semi- or fully-automated fashion in today's common network environments.
ER  -

KOMÁRKOVÁ, Jana; Martin HUSÁK; Martin LAŠTOVIČKA a Daniel TOVARŇÁK. CRUSOE: Data Model for Cyber Situation Awareness. Online. In \textit{Proceedings of the 13th International Conference on Availability, Reliability and Security}. Hamburg: ACM, 2018, s.~''36:1''-''36:10'', 10 s. ISBN~978-1-4503-6448-5. Dostupné z: https://doi.org/10.1145/3230833.3232798.

Přehled o publikaci