Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Towards Actionable Mission Impact Assessment in the Context of Cloud Computing

Published

Author(s)

Xiaoyan Sun, Anoop Singhal, Peng Liu

Abstract

Today's cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission cyber resilience cannot be really achieved. However, there is an overlooked gap between mission impact assessment and cyber resilience due to the non- mission centric nature of current research. This gap is even widened in the context of cloud computing. The gap essentially accounts for the weakest link between missions and attack resilient systems, and also explains why the existing impact analysis is not really actionable. This paper initiates efforts to bridge this gap, by developing a novel graphical model that interconnects the mission dependency graphs and cloud-level attack graphs. Our case study shows that the new cloud-applicable model is able to bridge the gap between mission impact assessment and cyber resilience. As a result, it can significantly boost the cyber resilience of mission critical systems.
Proceedings Title
31st IFIP Conference on Data and Application Security and Privacy (DBSEC 2017)
Conference Dates
July 19-21, 2017
Conference Location
Philadelphia, PA, US

Keywords

Mission Impact, Active Cyber Defense, Cloud Computing, Attack Graphs

Citation

Sun, X. , Singhal, A. and Liu, P. (2017), Towards Actionable Mission Impact Assessment in the Context of Cloud Computing, 31st IFIP Conference on Data and Application Security and Privacy (DBSEC 2017), Philadelphia, PA, US, [online], https://doi.org/10.1007/978-3-319-61176-1_14, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921564 (Accessed May 26, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 21, 2017, Updated October 12, 2021