Ben Mahmoud / Larrieu / Pirovano | Risk Propagation Assessment for Network Security | Buch | 978-1-84821-454-5 | sack.de

Buch, Englisch, 144 Seiten, Format (B × H): 155 mm x 241 mm, Gewicht: 363 g

Ben Mahmoud / Larrieu / Pirovano

Risk Propagation Assessment for Network Security


Application to Airport Communication Network Design

Buch, Englisch, 144 Seiten, Format (B × H): 155 mm x 241 mm, Gewicht: 363 g

ISBN: 978-1-84821-454-5
Verlag: Wiley

The focus of this book is risk assessment methodologies for network architecture design. The main goal is to present and illustrate an innovative risk propagation-based quantitative assessment tool. This original approach aims to help network designers and security administrators to design and build more robust and secure network topologies. As an implementation case study, the authors consider an aeronautical network based on AeroMACS (Aeronautical Mobile Airport Communications System) technology. AeroMACS has been identified as the wireless access network for airport surface communications that will soon be deployed in European and American airports mainly for communications between aircraft and airlines. It is based on the IEEE 802.16-2009 standard, also known as WiMAX.
The book begins with an introduction to the information system security risk management process, before moving on to present the different risk management methodologies that can be currently used (quantitative and qualitative). In the third part of the book, the authors’ original quantitative network risk assessment model based on risk propagation is introduced. Finally, a network case study of the future airport AeroMACS system is presented. This example illustrates how the authors’ quantitative risk assessment proposal can provide help to network security designers for the decision-making process and how the security of the entire network may thus be improved.

Contents

Part 1. Network Security Risk Assessment
1. Introduction to Information System Security Risk Management Process.
2. System Security Risk Management Background.
3. A Quantitative Network Risk Management Methodology Based on Risk Propagation.
Part 2. Application to Airport Communication Network Design
4. The AeroMACS Communication System in the SESAR Project.
5. Aeronautical Network Case Study.
Ben Mahmoud / Larrieu / Pirovano Risk Propagation Assessment for Network Security jetzt bestellen!

Autoren/Hrsg.

Ben Mahmoud, Mohamed Slim
Larrieu, Nicolas
Pirovano, Alain

Fachgebiete

Weitere Infos & Material

LIST OF FIGURES ix

LIST OF TABLES xiii

INTRODUCTION xv

PART 1. NETWORK SECURITY RISK ASSESSMENT 1

CHAPTER 1. INTRODUCTION TO INFORMATION SYSTEM SECURITY RISK MANAGEMENT PROCESS 3

1.1. On the importance of network security for network designers 5

1.2. On the impact of risk assessment in the decision-making process for network security designers 6

1.3. Quantitative versus qualitative risk assessment approaches 7

1.4. Network security risk propagation concept 10

1.4.1. Impact of node correlation 10

1.4.2. Network security risk transitivity 11

1.4.3. Network security risk propagation illustrative case 12

CHAPTER 2. SECURITY RISK MANAGEMENT BACKGROUND 17

2.1. Qualitative security risk management methods 18

2.1.1. CRAMM 18

2.1.2. OCTAVE 18

2.1.3. EBIOS 19

2.1.4. MEHARI 19

2.1.5. CORAS 20

2.1.6. Discussion 20

2.2. Quantitative security risk assessment approaches 20

2.3. Toward a quantitative propagation-based risk assessment methodology 25

CHAPTER 3. A QUANTITATIVE NETWORK RISK ASSESSMENT METHODOLOGY BASED ON RISK PROPAGATION 27

3.1. Quantifying methodology parameters 27

3.1.1. Network risk decomposition 28

3.1.2. Node value 29

3.1.3. Enhanced node value 30

3.1.4. Impact of threats 30

3.1.5. Likelihood of threats 32

3.2. Network security risk assessment process 36

3.3. Conclusion 39

PART 2. APPLICATION TO AIRPORT COMMUNICATION NETWORK DESIGN 41

CHAPTER 4. THE AEROMACS COMMUNICATION SYSTEM IN THE SESAR PROJECT 43

4.1. Overview of the European SESAR project 43

4.2. Overview of aeronautical communications operating concept and requirements 44

4.3. Introduction to the AeroMACS communication system 47

4.3.1. AeroMACS protocol stack 48

4.3.2. AeroMACS reference network architecture 50

4.3.3. AeroMACS security considerations 52

4.3.3.1. Analysis of AeroMACS security weaknesses 53

4.3.4. AeroMACS reference network topology 55

4.3.4.1. Isolated AeroMACS network architecture 55

4.3.4.2. End-to-end AeroMACS network architecture 56

CHAPTER 5. AERONAUTICAL NETWORK CASE STUDY 59

5.1. Experimental parameters 59

5.1.1. Testbed infrastructure 59

5.1.2. Aeronautical node values instantiation 61

5.1.3. Aeronautical services instantiation 62

5.1.4. Isolated vs. end-to-end emulation scenarios 63

5.2. AeroMACS case study: experimental results 63

5.2.1. Main inputs for emulation scenarios 63

5.2.2. Isolated AeroMACS scenario: preliminary results 63

5.2.2.1. Individual risks 63

5.2.2.2. Propagated risks 68

5.2.2.3. Node and network risks 70

5.2.3. Isolated AeroMACS scenario: EAP vs. RSA sub-scenario 72

5.2.4. Preliminary AeroMACS security enhancement guidance 76

5.2.5. AeroMACS implementation improvements: isolated scenario without operational server vulnerabilities 77

5.2.5.1. Experimental inputs 78

5.2.5.2. Network topology 78

5.2.5.3. Vulnerability statistics 79

5.2.5.4. Individual risk results 81

5.2.5.5. Propagated risk results 81

5.2.5.6. Network risk results 83

5.2.6. AeroMACS topological improvements: isolated scenario with two ASN gateways 84

5.2.6.1. Experimental inputs 84

5.2.6.2. Network topology 85

5.2.6.3. Vulnerability statistics 85

5.2.6.4. Individual risk results 85

5.2.6.5. Propagation risk results 87

5.2.6.6. Network risk results 89

5.2.7. Scenario with end-to-end AeroMACS topology 91

5.2.7.1. Experimental inputs 91

5.2.7.2. Network topology 92

5.2.7.3. Vulnerability statistics 93

5.2.7.4. Individual risk results 95

5.2.7.5. Propagated risk results 97

5.2.7.6. Network risk results 97

5.3. Improving AeroMACS network security 99

5.3.1. DHCP security 101

5.3.2. Mobile IP security 103

CONCLUSION 109

BIBLIOGRAPHY 111

INDEX 117

Mohamed Slim Ben Mahmoud is a research engineer for the research group ResCo at the TELECOM laboratory of ENAC, the French national institution for civil aviation.

Nicolas Larrieu is a teacher and researcher at the research group ResCo at the TELECOM laboratory of ENAC.

Alain Pirovano is a teacher and researcher and head of the research group ResCo at the TELECOM laboratory of ENAC.

Ihre Fragen, Wünsche oder Anmerkungen
Vorname*
Nachname*
Ihre E-Mail-Adresse*
Kundennr.
Ihre Nachricht*
Lediglich mit * gekennzeichnete Felder sind Pflichtfelder.
Wenn Sie die im Kontaktformular eingegebenen Daten durch Klick auf den nachfolgenden Button übersenden, erklären Sie sich damit einverstanden, dass wir Ihr Angaben für die Beantwortung Ihrer Anfrage verwenden. Selbstverständlich werden Ihre Daten vertraulich behandelt und nicht an Dritte weitergegeben. Sie können der Verwendung Ihrer Daten jederzeit widersprechen. Das Datenhandling bei Sack Fachmedien erklären wir Ihnen in unserer Datenschutzerklärung.