Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Filters

20232

Settings

Subject: search.filters.subject.Attack Graph

Search Results

Now showing 1 - 2 of 2
  • Thumbnail Image
    ItemRestricted
    Risk Assessment and Advance Alert Notification for Smart Grid
    (Cardiff University, 2023-09-07) Khawaji, Moath Majdi; Saxena, Neetesh
    As the global commercial and industrial sectors prosper, the demand for energy has prompted a pivotal shift from traditional electrical grids to smart grids (SG). Leveraging digital technology, SGs enhance efficiency and provide a more sustainable solution (Rawat and Bajracharya 2015). However, this evolution also magnifies the sector's vulnerability to cyber threats, as underscored by prominent cyber-attacks in recent history. This research project aims to delve into the intricacies of SG cybersecurity, leveraging the attack graph approach to identify critical assets within the proposed SG system model and assess associated risks. By focusing on critical assets and understanding system interconnectivity, a dynamic risk assessment model coupled with a state-of-the-art alert notification tool is proposed here to proactively counter threats and fortify SG system resilience. Ultimately, our objective is to strengthen the security of SGs, safeguarding them against looming cyber threats.
    13 0
  • Thumbnail Image
    ItemRestricted
    Towards Scalable Security State Management in The Cloud
    (2023-05-08) Sabur, Abdulhakim; Zhao, Ming
    Modern data center networks require efficient and scalable security analysis approaches that can analyze the relationship between the vulnerabilities. Utilizing the Attack Representation Methods (ARMs) and Attack Graphs (AGs) enables the security administrator to understand the cloud network’s current security situation at the low-level. However, the AG approach suffers from scalability challenges. It relies on the connectivity between the services and the vulnerabilities associated with the services to allow the system administrator to realize its security state. In addition, the security policies created by the administrator can have conflicts among them, which is often detected in the data plane of the Software Defined Networking (SDN) system. Such conflicts can cause security breaches and increase the flow rules processing delay. This dissertation addresses these challenges with novel solutions to tackle the scalability issue of Attack Graphs and detect security policy conflicts in the application plane before they are transmitted into the data plane for final installation. Specifically, it introduces a segmentation-based scalable security state (S3) framework for the cloud network. This framework utilizes the well-known divide-and-conquer approach to divide the large network region into smaller, manageable segments. It follows a well-known segmentation approach derived from the K-means clustering algorithm to partition the system into segments based on the similarity between the services. Furthermore, the dissertation presents unified intent rules that abstract the network administration from the underlying network controller’s format. It develops a networking service solution to use a bounded formal model for network service compliance checking that significantly reduces the complexity of flow rule conflict checking at the data plane level. The solution can be expended from a single SDN domain to multiple SDN domains and hybrid networks by applying network service function chaining (SFC) for inter-domain policy management.
    24 0

Copyright owned by the Saudi Digital Library (SDL) © 2025