Unfounded sets and well-founded semantics for general logic programs
Proceedings of the seventh ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Complexity and expressive power of logic programming
ACM Computing Surveys (CSUR)
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
XSB: A System for Effciently Computing WFS
LPNMR '97 Proceedings of the 4th International Conference on Logic Programming and Nonmonotonic Reasoning
Policy-Based Management: Bridging the Gap
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Binder, a Logic-Based Security Language
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
NetKuang: a multi-host configuration vulnerability checker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A formal approach to sensor placement and configuration in a network intrusion detection system
Proceedings of the 2006 international workshop on Software engineering for secure systems
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Security policy analysis using deductive spreadsheets
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Xcellog: A deductive spreadsheet system
The Knowledge Engineering Review
GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Improving Attack Graph Visualization through Data Reduction and Attack Grouping
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Extending logical attack graphs for efficient vulnerability analysis
Proceedings of the 15th ACM conference on Computer and communications security
Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients
Proceedings of the 2009 ACM symposium on Applied Computing
A Scalable Approach to Full Attack Graphs Generation
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Techniques for enterprise network security metrics
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Maximizing network security given a limited budget
The Fifth Richard Tapia Celebration of Diversity in Computing Conference: Intellect, Initiatives, Insight, and Innovations
Towards Unifying Vulnerability Information for Attack Graph Construction
ISC '09 Proceedings of the 12th International Conference on Information Security
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Sat-solving approaches to context-aware enterprise network security management
IEEE Journal on Selected Areas in Communications - Special issue on network infrastructure configuration
A formal logic approach to firewall packet filtering analysis and generation
Artificial Intelligence Review
Evaluating MAPSec by marking attack graphs
Wireless Networks
Towards analyzing complex operating system access control configurations
Proceedings of the 15th ACM symposium on Access control models and technologies
Attack scenario recognition through heterogeneous event stream analysis
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Ontology and algorithms for the dependable configuration of information systems
International Journal of Critical Computer-Based Systems
CANVuS: context-aware network vulnerability scanning
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Validating and restoring defense in depth using attack graphs
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Towards automatically checking thousands of failures with micro-specifications
HotDep'10 Proceedings of the Sixth international conference on Hot topics in system dependability
Remodeling vulnerability information
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Boosting performance in attack intention recognition by integrating multiple techniques
Frontiers of Computer Science in China
FATE and DESTINI: a framework for cloud recovery testing
Proceedings of the 8th USENIX conference on Networked systems design and implementation
Dynamic deployment of context-aware access control policies for constrained security devices
Journal of Systems and Software
A new alert correlation algorithm based on attack graph
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Deductive spreadsheets using tabled logic programming
ICLP'06 Proceedings of the 22nd international conference on Logic Programming
Supporting vulnerability awareness in autonomic networks and systems with OVAL
Proceedings of the 7th International Conference on Network and Services Management
Attack graph based evaluation of network security
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
A model-based method for security configuration verification
IWSEC'06 Proceedings of the 1st international conference on Security
Teaching experience: logic and formal methods with coq
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Network vulnerability analysis using text mining
ACIIDS'12 Proceedings of the 4th Asian conference on Intelligent Information and Database Systems - Volume Part II
Active graph reachability reduction for network security and software engineering
IJCAI'11 Proceedings of the Twenty-Second international joint conference on Artificial Intelligence - Volume Volume Two
An alert correlation platform for memory-supported techniques
Concurrency and Computation: Practice & Experience
NV: Nessus vulnerability visualization for the web
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Policy-Based vulnerability assessment for virtual organisations
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
| Hi-index | 0.00 |
To determine the security impact software vulnerabilities have on a particular network, one must consider interactions among multiple network elements. For a vulnerability analysis tool to be useful in practice, two features are crucial. First, the model used in the analysis must be able to automatically integrate formal vulnerability specifications from the bug-reporting community. Second, the analysis must be able to scale to networks with thousands of machines. We show how to achieve these two goals by presenting MulVAL, an end-to-end framework and reasoning system that conducts multihost, multistage vulnerability analysis on a network. MulVAL adopts Datalog as the modeling language for the elements in the analysis (bug specification, configuration description, reasoning rules, operating-system permission and privilege model, etc.). We easily leverage existing vulnerability-database and scanning tools by expressing their output in Datalog and feeding it to our MulVAL reasoning engine. Once the information is collected, the analysis can be performed in seconds for networks with thousands of machines. We implemented our framework on the Red Hat Linux platform. Our framework can reason about 84% of the Red Hat bugs reported in OVAL, a formal vulnerability definition language. We tested our tool on a real network with hundreds of users. The tool detected a policy violation caused by software vulnerabilities and the system administrators took remediation measures.