Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
---|---|---|---|---|---|
Searching... | 30000010311961 | TK5105.59 B46 2013 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
The focus of this book is risk assessment methodologies for network architecture design. The main goal is to present and illustrate an innovative risk propagation-based quantitative assessment tool. This original approach aims to help network designers and security administrators to design and build more robust and secure network topologies. As an implementation case study, the authors consider an aeronautical network based on AeroMACS (Aeronautical Mobile Airport Communications System) technology. AeroMACS has been identified as the wireless access network for airport surface communications that will soon be deployed in European and American airports mainly for communications between aircraft and airlines. It is based on the IEEE 802.16-2009 standard, also known as WiMAX.
The book begins with an introduction to the information system security risk management process, before moving on to present the different risk management methodologies that can be currently used (quantitative and qualitative). In the third part of the book, the authors' original quantitative network risk assessment model based on risk propagation is introduced. Finally, a network case study of the future airport AeroMACS system is presented. This example illustrates how the authors' quantitative risk assessment proposal can provide help to network security designers for the decision-making process and how the security of the entire network may thus be improved.
Contents
Part 1. Network Security Risk Assessment
1. Introduction to Information System Security Risk Management Process.
2. System Security Risk Management Background.
3. A Quantitative Network Risk Management Methodology Based on Risk Propagation.
Part 2. Application to Airport Communication Network Design
4. The AeroMACS Communication System in the SESAR Project.
5. Aeronautical Network Case Study.
Author Notes
Mohamed Slim Ben Mahmoud is a research engineer for the research group ResCO at the TELECOM laboratory of ENAC, the French national institution for civil aviation.
Nicolas Larrieu is a teacher and research at the research group ResCO at the TELECOM laboratory of ENAC.
Alain Pirovano is a teacher and researcher and head of the research group ResCo at the TELECOM laboratory of ENAC.
Table of Contents
List of Figures | p. ix |
List of Tables | p. xiii |
Introduction | p. xv |
Part 1 Network Security Risk Assessment | p. 1 |
Chapter 1 Introduction to Information System Security Risk Management Process | p. 3 |
1.1 On the importance of network security for network designers | p. 5 |
1.2 On the impact of risk assessment in the decision-making process for network security designers | p. 6 |
1.3 Quantitative versus qualitative risk assessment approaches | p. 7 |
1.4 Network security risk propagation concept | p. 10 |
1.4.1 Impact of node correlation | p. 10 |
1.4.2 Network security risk transitivity | p. 11 |
1.4.3 Network security risk propagation illustrative case | p. 12 |
Chapter 2 Security Risk Management Background | p. 17 |
2.1 Qualitative security risk management methods | p. 18 |
2.1.1 CRAMM | p. 18 |
2.1.2 OCTAVE | p. 18 |
2.1.3 EBIOS | p. 19 |
2.1.4 MEHARI | p. 19 |
2.1.5 CORAS | p. 20 |
2.1.6 Discussion | p. 20 |
2.2 Quantitative security risk assessment approaches | p. 20 |
2.3 Toward a quantitative propagation-based risk assessment methodology | p. 25 |
Chapter 3 A Quantitative Network Risk Assessment Methodology Based on Risk Propagation | p. 27 |
3.1 Quantifying methodology parameters | p. 27 |
3.1.1 Network risk decomposition | p. 28 |
3.1.2 Node value | p. 29 |
3.1.3 Enhanced node value | p. 30 |
3.1.4 Impact of threats | p. 30 |
3.1.5 Likelihood of threats | p. 32 |
3.2 Network security risk assessment process | p. 36 |
3.3 Conclusion | p. 39 |
Part 2 Application to Airport Communication Network Design | p. 41 |
Chapter 4 The AeroMACS Communication System in the Sesar Project | p. 43 |
4.1 Overview of the European SESAR project | p. 43 |
4.2 Overview of aeronautical communications operating concept and requirements | p. 44 |
4.3 Introduction to the AeroMACS communication system | p. 47 |
4.3.1 AeroMACS protocol stack | p. 48 |
4.3.2 AeroMACS reference network architecture | p. 50 |
4.3.3 AeroMACS security considerations | p. 52 |
4.3.3.1 Analysis of AeroMACS security weaknesses | p. 53 |
4.3.4 AeroMACS reference network topology | p. 55 |
4.3.4.1 Isolated AeroMACS network architecture | p. 55 |
4.3.4.2 End-to-end AeroMACS network architecture | p. 56 |
Chapter 5 Aeronautical Network Case Study | p. 59 |
5.1 Experimental parameters | p. 59 |
5.1.1 Testbed infrastructure | p. 59 |
5.1.2 Aeronautical node values instantiation | p. 61 |
5.1.3 Aeronautical services instantiation | p. 62 |
5.1.4 Isolated vs. end-to-end emulation scenarios | p. 63 |
5.2 AeroMACS case study: experimental results | p. 63 |
5.2.1 Main inputs for emulation scenarios | p. 63 |
5.2.2 Isolated AeroMACS scenario: preliminary results | p. 63 |
5.2.2.1 Individual risks | p. 63 |
5.2.2.2 Propagated risks | p. 68 |
5.2.2.3 Node and network risks | p. 70 |
5.2.3 Isolated AeroMACS scenario: EAP vs. RSA sub-scenario | p. 72 |
5.2.4 Preliminary AeroMACS security enhancement guidance | p. 76 |
5.2.5 AeroMACS implementation improvements: isolated scenario without operational server vulnerabilities | p. 77 |
5.2.5.1 Experimental inputs | p. 78 |
5.2.5.2 Network topology | p. 78 |
5.2.5.3 Vulnerability statistics | p. 79 |
5.2.5.4 Individual risk results | p. 81 |
5.2.5.5 Propagated risk results | p. 81 |
5.2.5.6 Network risk results | p. 83 |
5.2.6 AeroMACS topological improvements: isolated scenario with two ASN gateways | p. 84 |
5.2.6.1 Experimental inputs | p. 84 |
5.2.6.2 Network topology | p. 85 |
5.2.6.3 Vulnerability statistics | p. 85 |
5.2.6.4 Individual risk results | p. 85 |
5.2.6.5 Propagation risk results | p. 87 |
5.2.6.6 Network risk results | p. 89 |
5.2.7 Scenario with end-to-end AeroMACS topology | p. 91 |
5.2.7.1 Experimental inputs | p. 91 |
5.2.7.2 Network topology | p. 92 |
5.2.7.3 Vulnerability statistics | p. 93 |
5.2.7.4 Individual risk results | p. 95 |
5.2.7.5 Propagated risk results | p. 97 |
5.2.7.6 Network risk results | p. 97 |
5.3 Improving AeroMACS network security | p. 99 |
5.3.1 DHCP security | p. 101 |
5.3.2 Mobile IP security | p. 103 |
Conclusion | p. 109 |
Bibliography | p. 111 |
Index | p. 117 |