Proc. of the 14th European Dependable Computing Conference (EDCC), September 2018.
Abstract: The management of security resources in a system always comes with a tradeoff. Given technical and budget constraints, the defender focuses on deploying the set of security countermeasures that offer the best level of system protection. However, optimizing the configuration and deployment of defense countermeasures for efficient attack detection and mitigation remains a challenging task. In this paper, we leverage the information present in an attack graph, representing the evolution of the state of the attacker in the system, to tackle the problem of finding the optimal security policy that offers the maximum level of system protection. Our solution can be used to assist asset owners to prioritize the deployment of security countermeasures and respond to intrusions efficiently. We validate our approach on an Advanced Metering Infrastructure (AMI) case study.