Publication
CCGrid 2024
Conference paper
STRonG: System Topology Risk Analysis on Graphs
Abstract
Production systems run complex stacks comprising constantly evolving hardware and software components. Vulnerabilities in such stacks continuously pose security risks to both the service provider and its customers, which calls for a method to analyze and quantify security risk. STRonG is a framework that leverages a layered graph-based approach to model, analyze, and quantify security risks in complex software and hardware stacks. We propose adjustable templates (stencils) for easier and more consistent modeling, and allow user-defined scoring methods to be applied on top of the model. STRonG quantitatively assesses how modifications to the structure, components, or attributes of a system stack affect the security risk of its critical parts, during the design phase or in the early stages of development. The efficacy of the framework is demonstrated by applying STRonG to the control stack of the OpenStack cloud infrastructure and performing a risk assessment before and after the introduction of a novel security layer. Risk is shown to be quantitatively reduced after the security layer is introduced, even when a 10% error margin in scoring is allowed for.
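The following is an added illustration of the layered-graph idea the abstract describes, written for this page; it is not STRonG's code and does not reproduce the paper's model, stencils, scoring method, or OpenStack results. Everything in it is an assumption: the layer and component names, the per-component scores (constructed likelihoods in [0, 1]), the stencil that fully connects each layer to the next, and the product/noisy-OR scoring hooks. What it shows is the shape of such an analysis: a stencil builds the layered graph, scoring functions are pluggable, a security layer is inserted as an extra layer, and the before/after comparison is repeated with all scores perturbed by 10% so that the claimed reduction is checked pessimistically rather than at face value.

```python
from itertools import product
from math import prod
from typing import Callable, Dict, List, Sequence, Tuple

# Hypothetical stencil input: ordered list of (layer name, [(component, base score)]).
# Scores are constructed illustrative likelihoods in [0, 1], not values from the paper.
Layer = Tuple[str, List[Tuple[str, float]]]


class StackGraph:
    """Directed graph of stack components; an edge u->v means an attacker
    who controls u can attempt to compromise v next."""

    def __init__(self) -> None:
        self.layer: Dict[str, str] = {}
        self.score: Dict[str, float] = {}
        self.succ: Dict[str, List[str]] = {}

    def add_node(self, name: str, layer: str, score: float) -> None:
        if not 0.0 <= score <= 1.0:
            raise ValueError(f"score for {name} must lie in [0, 1]")
        self.layer[name] = layer
        self.score[name] = score
        self.succ.setdefault(name, [])

    def add_edge(self, src: str, dst: str) -> None:
        self.succ[src].append(dst)

    def simple_paths(self, src: str, dst: str) -> List[List[str]]:
        """All simple paths src -> dst by DFS; adequate for stack-sized graphs."""
        out: List[List[str]] = []

        def walk(node: str, seen: set, path: List[str]) -> None:
            if node == dst:
                out.append(path)
                return
            for nxt in self.succ.get(node, []):
                if nxt not in seen:
                    walk(nxt, seen | {nxt}, path + [nxt])

        walk(src, {src}, [src])
        return out


def layered_stencil(layers: Sequence[Layer]) -> StackGraph:
    """Assumed stencil: every component in layer i can reach every component in layer i+1."""
    g = StackGraph()
    for lname, comps in layers:
        for cname, s in comps:
            g.add_node(cname, lname, s)
    for (_, upper), (_, lower) in zip(layers, layers[1:]):
        for (u, _), (v, _) in product(upper, lower):
            g.add_edge(u, v)
    return g


# User-defined scoring hooks (assumed here): how a path is scored, and how
# the scores of all attack paths to the target are aggregated.
def product_path(scores: Sequence[float]) -> float:
    return prod(scores)  # every hop on the path must succeed


def noisy_or(path_scores: Sequence[float]) -> float:
    return 1.0 - prod(1.0 - p for p in path_scores)  # any path suffices


def max_path(path_scores: Sequence[float]) -> float:
    return max(path_scores, default=0.0)  # worst single path


def assess(g: StackGraph, entries: Sequence[str], target: str,
           path_fn: Callable = product_path, agg_fn: Callable = noisy_or,
           scale: float = 1.0) -> float:
    """Risk of `target` from the given attacker entry points. `scale` multiplies
    every score (capped at 1.0) to model uncertainty in the scoring itself."""
    path_scores = []
    for e in entries:
        for path in g.simple_paths(e, target):
            path_scores.append(path_fn([min(1.0, g.score[n] * scale) for n in path]))
    return agg_fn(path_scores)


def reduced_within_margin(before: StackGraph, after: StackGraph, entries: Sequence[str],
                          target: str, margin: float = 0.10, **kw) -> bool:
    """Pessimistic check: risk still drops when 'before' is under-scored and
    'after' over-scored by `margin`."""
    worst_before = assess(before, entries, target, scale=1.0 - margin, **kw)
    worst_after = assess(after, entries, target, scale=1.0 + margin, **kw)
    return worst_after < worst_before


# Constructed example stack (names and scores are illustrative, not the paper's).
BASE_STACK: List[Layer] = [
    ("exposed",  [("public-api", 0.6), ("mgmt-console", 0.3)]),
    ("service",  [("control-service", 0.5)]),
    ("platform", [("host-os", 0.4)]),
    ("data",     [("secrets-store", 0.7)]),
]
# Same stack with a hypothetical security layer inserted between service and platform.
HARDENED_STACK: List[Layer] = BASE_STACK[:2] + [("guard", [("attestation-gate", 0.2)])] + BASE_STACK[2:]
ENTRIES = ["public-api", "mgmt-console"]
TARGET = "secrets-store"


def before_after() -> Tuple[float, float, bool]:
    before = layered_stencil(BASE_STACK)
    after = layered_stencil(HARDENED_STACK)
    return (assess(before, ENTRIES, TARGET), assess(after, ENTRIES, TARGET),
            reduced_within_margin(before, after, ENTRIES, TARGET))


if __name__ == "__main__":
    b, a, ok = before_after()
    print(f"risk before={b:.4f} after={a:.4f}; reduction survives 10% scoring error: {ok}")
```

Swapping `agg_fn=max_path` into `assess` changes the question from "how likely is any path" to "how bad is the worst path" without touching the graph, which is the kind of user-defined scoring the abstract refers to. The margin check is deliberately asymmetric: it scales the baseline down and the hardened stack up, so a reduction that only holds at nominal scores is rejected.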