Analyzing uncertainty in TG protection graphs with TG/MC

Authors:
James R. Conrad;Jim Alves-Foss;Sauchi Stephen Lee
Affiliations:
(Correspd. Tel.: +1 208 573 6450) Department of Computer Science, University of Idaho, Moscow, ID, USA. E-mails: {conr2286, jimaf}@uidaho.edu;Department of Computer Science, University of Idaho, Moscow, ID, USA. E-mails: {conr2286, jimaf}@uidaho.edu;Department of Statistics, University of Idaho, Moscow, ID, USA
Venue:
Journal of Computer Security
Year:
2010

Citing 17
Cited 0

Models and tools for quantitative assessment of operational security

Information systems security
A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
A Linear Time Algorithm for Deciding Subject Security

Journal of the ACM (JACM)
Protection in operating systems

Communications of the ACM
Writing Secure Code

Writing Secure Code
Security flaws in 802.11 data link protocols

Communications of the ACM - Wireless networking security
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
The transfer of information and authority in a protection system

SOSP '79 Proceedings of the seventh ACM symposium on Operating systems principles
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Practical take-grant systems: do they exist?

Practical take-grant systems: do they exist?
Managing attack graph complexity through visual hierarchical aggregation

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Securing Wi-Fi Networks

Computer
Fast dictionary attacks on passwords using time-space tradeoff

Proceedings of the 12th ACM conference on Computer and communications security
The Final Nail in WEP's Coffin

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Topological analysis of network attack vulnerability

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Toward measuring network security using attack graphs

Proceedings of the 2007 ACM workshop on Quality of protection
Network vulnerability analysis through vulnerability take-grant model (VTG)

ICICS'05 Proceedings of the 7th international conference on Information and Communications Security

Quantified Score

Hi-index	0.01

Visualization

Abstract

We introduce TG/MC, a Monte Carlo approach for evaluating the impact of uncertainty about vulnerabilities upon forecasts of security for a real-world system modeled by a protection graph. A TG/MC model defines a vulnerability as a potential change to an otherwise safe initial protection graph that, if exploited, leads to an unauthorized state, a violation of the system's security policy through the application of TG rules. TG/MC captures uncertainties about vulnerabilities as probability distributions and forecasts the probability of a specific security violation. TG/MC extends beyond the rigid yes/no analysis of safety in a TG protection graph to consider uncertainty in questions of security for real-world systems.