Attack graphs represent known attack sequences that attackers can use to penetrate computer networks. Recently, many researchers have proposed techniques for automatically generating attack graphs for a given computer network. These techniques either use model checkers to generate attack graphs and suffer from scalability problems, or they are based on an assumption of monotonicity and are unable to represent real-world situations. In this paper, we present a vulnerability analysis technique that is more scalable than model-checker-based solutions and more expressive than monotonicity-based solutions. We represent individual attacks as the transition rules of a rule-based system. We define noninterfering rulesets and present efficient, scalable algorithms for those sets. We then consider arbitrary nonmonotonic rulesets and present a series of optimizations which permit us to perform vulnerability assessment efficiently in most practical cases. We motivate the issues and illustrate our techniques using a substantial example.