A Framework for Quantifying Security Effectiveness of Cyber Defenses
Cybersecurity metrics and quantification are a holy-grail challenge that has yet to be tackled. While significant progress has been made in quantifying building-block security, the problem of quantifying security from a holistic perspective is largely open. One fundamental factor that makes the problem so hard is the dynamics incurred by complex attacker-defender-user interactions in cyberspace: the networked system itself, the employed defense posture, the adversaries, the users' behaviors, and the global cybersecurity state all evolve with time. This dissertation takes a significant step towards ultimately understanding, characterizing, quantifying and managing cybersecurity from a holistic perspective by proposing a high-fidelity simulation framework that models cyber attack-defense interactions while making weak assumptions. The framework falls under the Cybersecurity Dynamics approach, meaning that networks, users, attacks, defenses, and cybersecurity states can all evolve with time. The usefulness of the framework is demonstrated by three scenarios: quantifying security effectiveness of firewalls and DMZs; quantifying security effectiveness of coarse-grained dynamic network diversity; and quantifying security effectiveness of fine-grained static network diversity.