In this paper, we present an efficient, novel framework for establishing, assessing, and managing trust in inter-organizational relationships, in terms of allowable network sharing, that is based on analyzing an invariance property of a computer network environment. Our goal is to answer the following two questions: (1) From any given host in one network, what level of access, direct or indirect, is implied to each host in another network? This addresses the consequences of connecting two networks on access levels between networks. (2) What are the effects, in terms of access internal to a given network, of connecting to another network? This addresses the consequences of connecting two networks on access levels internal to a given network. Answers to these questions allow an informed business decision to be made as to whether the proposed network sharing should be allowed, and, if so, what the consequences of this network sharing are. We build our model on the host-centric model to compactly represent and efficiently analyze the access graphs of shared network environments. We present an efficient algorithm for computing the highest achievable access between host pairs within a network and between host pairs that become accessible across the shared networks because of an interconnecting edge. We use the algorithm to assess the consequences of the proposed network sharing.