Evaluating the security of a computer network system is a challenging task. Configurations of large systems are complex entities in continuous evolution. The installation of new software, a change in the firewall rules, or the discovery of a software vulnerability can be exploited by a malicious user to gain unauthorized control over the integrity, availability and confidentiality of an organization's assets. This paper presents a framework for building security assessment tools that perform online verification of the security of a system configuration. Heterogeneous data generated from multiple sources are integrated into a homogeneous RDF representation using domain-specific ontologies and used to assess the security of a configuration against known attack vectors. Different vocabularies can be defined in a modular way to express configurations, policies and attacks for each aspect of an organization's security (e.g., network security, physical security and application-level security). By automatically extracting part of the configuration from the network system, the tool is able to detect, in near real time, security threats created by configuration changes.