Fast model-based penetration testing

Authors:
Sankalp Singh;James Lyons;David M. Nicol
Affiliations:
University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL
Venue:
WSC '04 Proceedings of the 36th conference on Winter simulation
Year:
2004

Citing 5
Cited 5

Importance sampling for the simulation of highly reliable Markovian systems

Management Science
Fast simulation of rare events in queueing and reliability models

ACM Transactions on Modeling and Computer Simulation (TOMACS)
A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Scenario graphs and attack graphs

Scenario graphs and attack graphs

Model-Based Evaluation: From Dependability to Security

IEEE Transactions on Dependable and Secure Computing
Modeling and Simulation in Security Evaluation

IEEE Security and Privacy
Quantified security is a weak hypothesis: a critical survey of results and assumptions

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Analyzing vulnerabilities and measuring security level at design and exploitation stages of computer network life cycle

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Attack graph based evaluation of network security

CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traditional approaches to security evaluation have been based on penetration testing of real systems, or analysis of formal models of such systems. The former suffer from the problem that the security metrics are based on only a few of the possible paths through the system. The latter suffer from the inability to analyze detailed system descriptions due to the rapid explosion of state space sizes, which render the models intractable for tools such as model checkers. We propose an approach to obtain statistically valid estimates of security metrics by performing repeated penetration testing of detailed system models. We make use of importance sampling techniques to help reduce the variance of our estimates, and achieve relative error bounds quickly. We validate our approach by estimating security metrics of a large model with more than 21700 possible states.