GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool

Authors:
Leevar Williams;Richard Lippmann;Kyle Ingols
Affiliations:
MIT Lincoln Laboratory, Lexington MA 02173;MIT Lincoln Laboratory, Lexington MA 02173;MIT Lincoln Laboratory, Lexington MA 02173
Venue:
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Year:
2008

Citing 11
Cited 2

Heuristic evaluation of user interfaces

CHI '90 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Heuristic evaluation

Usability inspection methods
Ordered and quantum treemaps: Making effective use of 2D space to display hierarchies

ACM Transactions on Graphics (TOG)
Risk-based Systems Security Engineering: Stopping Attacks with Intention

IEEE Security and Privacy
Flow Map Layout

INFOVIS '05 Proceedings of the Proceedings of the 2005 IEEE Symposium on Information Visualization
Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Network Visualization by Semantic Substrates

IEEE Transactions on Visualization and Computer Graphics
Practical Attack Graph Generation for Network Defense

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt
MulVAL: a logic-based network security analyzer

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Validating and restoring defense in depth using attack graphs

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications

Visualizing attack graphs, reachability, and trust relationships with NAVIGATOR

Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Security audits of multi-tier virtual infrastructures in public infrastructure clouds

Proceedings of the 2010 ACM workshop on Cloud computing security workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

Attack graphs enable computation of important network security metrics by revealing potential attack paths an adversary could use to gain control of network assets. This paper presents GARNET (Graphical Attack graph and Reachability Network Evaluation Tool), an interactive visualization tool that facilitates attack graph analysis. It provides a simplified view of critical steps that can be taken by an attacker and of host-to-host network reachability that enables these exploits. It allows users to perform "what-if" experiments including adding new zero-day attacks, following recommendations to patch software vulnerabilities, and changing the attacker starting location to analyze external and internal attackers. Users can also compute and view metrics of assets captured versus attacker effort to compare the security of complex networks. For adversaries with three skill levels, it is possible to create graphs of assets captured versus attacker steps and the number of unique exploits required. GARNET is implemented as a Java application and is built on top of an existing C++ engine that performs reachability and attack graph computations. An initial round of user evaluations described in this paper led to many changes that significantly enhance usability.