Heuristic evaluation of user interfaces
CHI '90 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Usability inspection methods
Ordered and quantum treemaps: Making effective use of 2D space to display hierarchies
ACM Transactions on Graphics (TOG)
Risk-based Systems Security Engineering: Stopping Attacks with Intention
IEEE Security and Privacy
INFOVIS '05 Proceedings of the Proceedings of the 2005 IEEE Symposium on Information Visualization
Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Network Visualization by Semantic Substrates
IEEE Transactions on Visualization and Computer Graphics
Practical Attack Graph Generation for Network Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Validating and restoring defense in depth using attack graphs
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Visualizing attack graphs, reachability, and trust relationships with NAVIGATOR
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Security audits of multi-tier virtual infrastructures in public infrastructure clouds
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Hi-index | 0.00 |
Attack graphs enable computation of important network security metrics by revealing potential attack paths an adversary could use to gain control of network assets. This paper presents GARNET (Graphical Attack graph and Reachability Network Evaluation Tool), an interactive visualization tool that facilitates attack graph analysis. It provides a simplified view of critical steps that can be taken by an attacker and of host-to-host network reachability that enables these exploits. It allows users to perform "what-if" experiments including adding new zero-day attacks, following recommendations to patch software vulnerabilities, and changing the attacker starting location to analyze external and internal attackers. Users can also compute and view metrics of assets captured versus attacker effort to compare the security of complex networks. For adversaries with three skill levels, it is possible to create graphs of assets captured versus attacker steps and the number of unique exploits required. GARNET is implemented as a Java application and is built on top of an existing C++ engine that performs reachability and attack graph computations. An initial round of user evaluations described in this paper led to many changes that significantly enhance usability.