The internet worm program: an analysis
ACM SIGCOMM Computer Communication Review
The maximum concurrent flow problem
Journal of the ACM (JACM)
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
A parallel approximation algorithm for positive linear programming
STOC '93 Proceedings of the twenty-fifth annual ACM symposium on Theory of computing
Machine Learning
Smart Card Handbook
Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Introduction to Stochastic Search and Optimization
Introduction to Stochastic Search and Optimization
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Sequential and Parallel Algorithms for Mixed Packing and Covering
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Interactive visualization of large graphs and networks
Interactive visualization of large graphs and networks
IEEE Security and Privacy
Decentralized user authentication in a global file system
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Expander flows, geometric embeddings and graph partitioning
STOC '04 Proceedings of the thirty-sixth annual ACM symposium on Theory of computing
Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
0(\sqrt {\log n)} Approximation to SPARSEST CUT in Õ(n2) Time
FOCS '04 Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science
Advanced Lectures On Machine Learning: ML Summer Schools 2003, Canberra, Australia, February 2-14, 2003, Tubingen, Germany, August 4-16, 2003, Revised Lectures (Lecture Notes in Computer Science)
ACM Transactions on Computer Systems (TOCS)
O(√log n) approximation algorithms for min UnCut, min 2CNF deletion, and directed cut problems
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Protect Your Windows Network: From Perimeter to Data (Microsoft Technology)
Protect Your Windows Network: From Perimeter to Data (Microsoft Technology)
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
An O(√n)-approximation algorithm for directed sparsest cut
Information Processing Letters
NETRA:: seeing through access control
Proceedings of the fourth ACM workshop on Formal methods in security
Support Vector Ordinal Regression
Neural Computation
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Information security technology?...don't rely on it: a case study in social engineering
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Authorizing applications in singularity
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
The ghost in the browser analysis of web-based malware
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Handbook of Biometrics
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Secure Web Browsing with the OP Web Browser
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Active graph reachability reduction for network security and software engineering
IJCAI'11 Proceedings of the Twenty-Second international joint conference on Artificial Intelligence - Volume Volume Two
Recovering from intrusions in distributed systems with DARE
Proceedings of the Asia-Pacific Workshop on Systems
Recovering from intrusions in distributed systems with DARE
APSys'12 Proceedings of the Third ACM SIGOPS Asia-Pacific conference on Systems
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Asynchronous intrusion recovery for interconnected web services
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
| Hi-index | 0.01 |
As computers have become ever more interconnected, the complexity of security configuration has exploded. Management tools have not kept pace, and we show that this has made identity snowball attacks into a critical danger. Identity snowball attacks leverage the users logged in to a first compromised host to launch additional attacks with those users' privileges on other hosts. To combat such attacks, we present Heat-ray, a system that combines machine learning, combinatorial optimization and attack graphs to scalably manage security configuration. Through evaluation on an organization with several hundred thousand users and machines, we show that Heat-ray allows IT administrators to reduce by 96% the number of machines that can be used to launch a large-scale identity snowball attack.