Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Conference Paper

Global Adversarial Capability Modeling

  • May 2015
  • By Jonathan Spring, Sarah Kern, Alec Summers
  • Jonathan Spring, Sarah Kern, and Alec Summers propose a model of global capability advancement, the adversarial capability chain (ACC).
  • Publisher: Software Engineering Institute
  • Abstract

    Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model the likelihood and intensity of attacks and incidents. We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need.The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it.  The model is based on four historical studies ofadversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems.We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.

  • Download