An optimization approach for the cascade vulnerability problem
In inter-connected systems, where several computers share information with each other, problems may arise when inappropriate information starts to flow through. For example, let us consider a simple scenario of a university composed of three departments: payroll, financial aid, and academic services. We know that the payroll department deals with sensitive information, such as social security numbers, dates of birth, amounts of wages, etc. The financial aid department may use information that payroll owns. Similarly, the academic department communicates with the financial aid department. An intruder might take advantage of this network connectivity and create an inappropriate flow of information across the network, leading to the so-called Cascade Vulnerability Problem (CVP). ^ Several approaches have been proposed to solve this problem. Among them, the approach of Bistarelli et al. [9, 13] is of particular interest, as they express a solution of the problem using Constraint Programming, more specifically, soft constraints. This approach not only enables the detection of vulnerable paths in a network, but also eliminates the links in the network that provoke the security leakage. ^ This paranoid approach to network connectivity, although trivial to compute, is impractical because it neither considers the organizational value nor risk of each individual network link. When either is quantified and overall limitations are specified, CVP can be reduced to a constraint optimization problem. ^ In our proposed approach, we apply and implement the approach of Bistarelli et al., using soft constraints to model, detect and solve the cascade vulnerability problem, but we extend it by using the minimum weighted hitting set approximation algorithm to deal with the connection values. This way, we are able not only to detect the CVP, but also to make the least expensive cuts in the networks connections.^
Servin Meneses, Christian, "An optimization approach for the cascade vulnerability problem" (2009). ETD Collection for University of Texas, El Paso. AAI1468966.