Securing Networks Against Unpatchable and Unknown Vulnerabilities Using Heterogeneous Hardening Options

Published

Author(s)

Daniel Borbor, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Abstract

The administrators of a mission-critical network usually have to worry about non-traditional threats, e.g., how to live with known but unpatchable vulnerabilities, and how to improve the network's resilience against potentially unknown vulnerabilities. To this end, network hardening is a well-known preventive security solution that aims to improve network security by taking proactive actions, namely, hardening options. However, most existing network hardening approaches rely on a single hardening option, such as disabling unnecessary services, which becomes less effective when it comes to dealing with unknown and unpatchable vulnerabilities. What is lacking is a heterogeneous approach that can combine different hardening options in an optimal way to deal with both unknown and unpatchable vulnerabilities. In this paper, we propose such an approach by unifying multiple hardening options, such as firewall rule modification, disabling services, service diversification, and access control, under the same model. We then apply security metrics designed for evaluating network resilience against unknown and unpatchable vulnerabilities, and consequently derive optimal hardening solutions that maximize security under given cost constraints.
Conference Dates
July 19-21, 2017
Conference Location
Philadelphia, PA, US
Conference Title
31st IFIP Conference on Data and Application Security and Privacy (DBSEC 2017)

Keywords

Security Metrics, Diversity, Network Security, Zero Day Attack, Network Resilience

Citation

Borbor, D., Wang, L., Jajodia, S. and Singhal, A. (2017), Securing Networks Against Unpatchable and Unknown Vulnerabilities Using Heterogeneous Hardening Options, 31st IFIP Conference on Data and Application Security and Privacy (DBSEC 2017), Philadelphia, PA, US, [online], https://doi.org/10.1007/978-3-319-61176-1_28, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=923237 (Accessed June 17, 2024)

Created June 21, 2017, Updated October 12, 2021