Measuring the overall security of network configurations using attack graphs

Authors: Lingyu Wang, Anoop Singhal, Sushil Jajodia

DOI: 10.1007/978-3-540-73538-0_9

Keywords: Attack response, Real number, Vulnerability assessment, Mathematics, Theoretical computer science, Network security, Attack graph

Abstract: Today's computer systems face sophisticated intrusions during which multiple vulnerabilities can be combined for reaching an attack goal. The overall security of a network system cannot simply determined based on the number vulnerabilities. To quantitatively assess networked systems, one must first understand and how attack. Such understanding becomes possible with recent advances in modeling composition as graphs. Based our experiences graph analysis, we explore different concepts issues metric to quantify potential attacks. accomplish this, present resistance assessing comparing configurations. This paper describes at abstract level two operators features expressing additional constraints. We consider concrete cases. case assumes domain real second represents resistances set initial conditions. show that proposed satisfies desired properties it adheres common sense. At same time, generalizes previously is also It belief will lead novel quantitative approaches vulnerability hardening, responses.
