Towards a Networks-of-Networks Framework for Cyber Security
This is an incremental position paper that addresses cyber security modeling for enterprises.
The paper tackles the problem of modeling enterprise cyber systems by proposing a three-layered networks-of-networks framework, demonstrating its application for continuous monitoring and mission assurance through four graph-theoretic examples.
Networks-of-networks (NoN) is a graph-theoretic model of interdependent networks that have distinct dynamics at each network (layer). By adding special edges to represent relationships between nodes in different layers, NoN provides a unified mechanism to study interdependent systems intertwined in a complex relationship. While NoN based models have been proposed for cyber-physical systems, in this position paper we build towards a three-layered NoN model for an enterprise cyber system. Each layer captures a different facet of a cyber system. We present in-depth discussion for four major graph- theoretic applications to demonstrate how the three-layered NoN model can be leveraged for continuous system monitoring and mission assurance.