DAC '96 Proceedings of the 33rd annual Design Automation Conference
What You Always Wanted to Know About Datalog (And Never Dared to Ask)
IEEE Transactions on Knowledge and Data Engineering
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Practical Attack Graph Generation for Network Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Minimum-cost network hardening using attack graphs
Computer Communications
Solving the minimum-cost satisfiability problem using SAT based branch-and-bound search
Proceedings of the 2006 IEEE/ACM international conference on Computer-aided design
Network configuration management via model finding
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
Optimal security hardening using multi-objective optimization on attack tree models of networks
Proceedings of the 14th ACM conference on Computer and communications security
Declarative Infrastructure Configuration Synthesis and Debugging
Journal of Network and Systems Management
Validating and restoring defense in depth using attack graphs
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Zchaff2004: an efficient SAT solver
SAT'04 Proceedings of the 7th international conference on Theory and Applications of Satisfiability Testing
On solving the partial MAX-SAT problem
SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Search pruning techniques in SAT-based branch-and-bound algorithms for the binate covering problem
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Towards automatic creation of usable security configuration
INFOCOM'10 Proceedings of the 29th conference on Information communications
Relational network-service clustering analysis with set evidences
Proceedings of the 3rd ACM workshop on Artificial intelligence and security
Dynamic deployment of context-aware access control policies for constrained security devices
Journal of Systems and Software
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
On synthesizing distributed firewall configurations considering risk, usability and cost constraints
Proceedings of the 7th International Conference on Network and Services Management
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
| Hi-index | 0.00 |
Enterprise network security management is a complex task of balancing security and usability, with trade-offs often necessary between the two. Past work has provided ways to identify intricate attack paths due to misconfiguration and vulnerabilities in an enterprise system, but little has been done to address how to correct the security problems within the context of various other requirements such as usability, ease of access, and cost of countermeasures. This paper presents an approach based on Boolean Satisfiability Solving (SAT Solving) that can reason about attacks, usability requirements, cost of actions, etc. in a unified, logical framework. Preliminary results show that the approach is both effective and efficient.