A graph-based system for network-vulnerability analysis

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A graph-based system for network-vulnerability analysis

Full text

Pdf (749 KB)

Source

New Security Paradigms Workshop archive
Proceedings of the 1998 workshop on New security paradigms table of contents

Charlottesville, Virginia, United States

Pages: 71 - 79

Year of Publication: 1998

ISBN:1-58113-168-2

Authors

Cynthia Phillips	Sandia National Laboratories, MS 1110, Albuquerque, NM
Laura Painton Swiler	Sandia National Laboratories, MS 0746, Albuquerque, NM

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 32, Downloads (12 Months): 196, Citation Count: 19

Additional Information:

references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/310889.310919 What is a DOI?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Burch, C., Krumke, S., Marathe, M., Phillips C., and Sundberg, E. "Multicriteria Approximation Through Decomposition", submitted, 1998.
	2	Boris V. Cherkassky , Andrew V. Goldberg , Tomasz Radzik, Shortest paths algorithms: theory and experimental evaluation, Mathematical Programming: Series A and B, v.73 n.2, p.129-174, May 31, 1996 [doi>10.1007/BF02592101]
	3	Dacier, M., Y. Deswarte, and M. Kaaniche. "Quantitative Assessment of Operational Security: Models and Tools." LAAS Research Report 96493, May 1996.
	4	Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987 [doi>10.1109/TSE.1987.232894]
	5	Michael R. Garey , David S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman & Co., New York, NY, 1979
	6	John Douglas Howard, An analysis of security incidents on the Internet 1989-1995, Carnegie Mellon University, Pittsburgh, PA, 1998
	7	Internet Security Systems, Inc. 41 Perimeter Center East, Suite 550, Atlanta, GA 30346. Creator of the X-force database, accessed via http://www.iss.net/xforce.
	8	Ulf Lindqvist , Erland Jonsson, A Map of Security Risks Associated with Using COTS, Computer, v.31 n.6, p.60-66, June 1998 [doi>10.1109/2.683009]
	9	Teresa F. Lunt, A survey of intrusion detection techniques, Computers and Security, v.12 n.4, p.405-418, June 1993 [doi>10.1016/0167-4048(93)90029-5]
	10	Meadows, C., "A representation of Protocol Attacks for Risk Assessment", Network Threats, DIMACS Series in Discrete Mathematics and Theoretical Computer Science, Vol. 38, R. N. Wright and P.G. Neumann editors, American Mathematical Society, pp. 1-10.
	11	Ira S. Moskowitz , Myong H. Kang, An insecurity flow model, Proceedings of the 1997 workshop on New security paradigms, p.61-74, September 23-26, 1997, Langdale, Cumbria, United Kingdom [doi>10.1145/283699.283741]
	12	Dalit Naor , Douglas L. Brutlag, On Suboptimal Alignments of Biological Sequences, Proceedings of the 4th Annual Symposium on Combinatorial Pattern Matching, p.179-196, June 02-04, 1993
	13	Ortalo, R., Y. Deswarte, and M. Kaaniche, "Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security", in Dependable Computing for Critical Applications 6 (DCCA'6), (M.Dal Cin, C. Meadows and W.H. Sanders, Eds.), Grainau, Germany, March 5-7 1997, Dependable Computing and Fault-Tolerant Systems, vol. 11, pp.307-328, ISBN 0-8186-8009-1, IEEE Computer Society Press, 1998.
	14	Ortalo, R., Y. Deswarte, "Quantitative Evaluation of Information System Security", in Global IT Security, Proc. of the IFIP TC11 14th International Conference on Information Security (IFIP/SEC'98), (G. Papp, R. Posch, eds.), August 31 - September 4, Vienna-Budapest, Austria-Hungary, Austrian Computer Society, ISBN 3-85403-116-5, pp. 321-332, 1998.
	15	Cynthia A. Phillips, The network inhibition problem, Proceedings of the twenty-fifth annual ACM symposium on Theory of computing, p.776-785, May 16-18, 1993, San Diego, California, United States [doi>10.1145/167088.167286]
	16	Presidential Commission on Critical Infrastructure Protection. Commission Report "Critical Foundations: Protecting America's Infrastructures," October 1997. Available at: http:l/www.pccip.govlreport index.html
	17	SATAN. (Security Administrator Tool for Analyzing Networks) tool. SATAN's creators, Mr. Dan Farmer and Mr. Wietse Venema, made SATAN widely available over the Internet without cost starting April 5, 1995. It can be obtained from the web site: http:/l 142.3.223.54/~short/SECURITY/satan.html
	18	Tayi, G., Rosencrantz, D. and S. Ravi. "Path Problems in Networks with Vector Valued Edge Weights." Submitted for publication, October 1997.
	19	G. D. Wyss , H. K. Schriner , T. R. Gaylor, Probablistic Logic Modeling of Network Reliability for Hybrid Network Architectures, Proceedings of the 21st Annual IEEE Conference on Local Computer Networks, p.404, October 31-November 16, 1996

CITED BY 20

	Sankalp Singh , James Lyons , David M. Nicol, Fast model-based penetration testing, Proceedings of the 36th conference on Winter simulation, December 05-08, 2004, Washington, D.C.
	Dean A. Jones , Mark A. Turnquist , Linda K. Nozick, Simulation of imperfect information in vulnerability modeling for infrastructure facilities, Proceedings of the 37th conference on Winter simulation, December 04-07, 2005, Orlando, Florida
	Steven Noel , Sushil Jajodia, Managing attack graph complexity through visual hierarchical aggregation, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA
	Xinming Ou , Wayne F. Boyer , Miles A. McQueen, A scalable approach to attack graph generation, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
	Jaehyuk Lee , Seungkyu Park , Gihyun Jung , Kyunghee Choi, Simulation framework for cyber terrors and defense, Proceedings of the 9th WSEAS International Conference on Communications, p.1-5, July 14-16, 2005, Athens, Greece
	Golnaz Elahi , Eric Yu, Modeling and analysis of security trade-offs - A goal oriented approach, Data & Knowledge Engineering, v.68 n.7, p.579-598, July, 2009
	Paul Ammann , Duminda Wijesekera , Saket Kaushik, Scalable, graph-based network vulnerability analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
	Joseph Pamula , Paul Ammann , Sushil Jajodia , Ronald Ritchey, A framework for establishing, assessing, and managing trust in inter-organizational relationships, Proceedings of the 3rd ACM workshop on Secure web services, November 03-03, 2006, Alexandria, Virginia, USA
	David M. Nicol, Modeling and Simulation in Security Evaluation, IEEE Security and Privacy, v.3 n.5, p.71-74, September 2005
	Zonghua Zhang , Pin-Han Ho, Janus: A dual-purpose analytical model for understanding, characterizing and countermining multi-stage collusive attacks in enterprise networks, Journal of Network and Computer Applications, v.32 n.3, p.710-720, May, 2009
	Joseph Pamula , Sushil Jajodia , Paul Ammann , Vipin Swarup, A weakest-adversary security metric for network configuration security analysis, Proceedings of the 2nd ACM workshop on Quality of protection, October 30-30, 2006, Alexandria, Virginia, USA
	Rinku Dewri , Nayot Poolsappasit , Indrajit Ray , Darrell Whitley, Optimal security hardening using multi-objective optimization on attack tree models of networks, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Sviatoslav Braynov , Murtuza Jadiwala, Representation and analysis of coordinated attacks, Proceedings of the 2003 ACM workshop on Formal methods in security engineering, p.43-51, October 30, 2003, Washington, D.C.
	Lingyu Wang , Anoop Singhal , Sushil Jajodia, Toward measuring network security using attack graphs, Proceedings of the 2007 ACM workshop on Quality of protection, October 29-29, 2007, Alexandria, Virginia, USA
	Xiuzhen Chen , Qinghua Zheng , Xiaohong Guan, An OVAL-based active vulnerability assessment system for enterprise computer networks, Information Systems Frontiers, v.10 n.5, p.573-588, November 2008
	Adam J. O'Donnell , Harish Sethu, On achieving software diversity for improved network security using distributed coloring algorithms, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Wei Wang , Thomas E. Daniels, A Graph Based Approach Toward Network Forensics Analysis, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-33, October 2008
	Peng Ning , Dingbang Xu, Hypothesizing and reasoning about attacks missed by intrusion detection systems, ACM Transactions on Information and System Security (TISSEC), v.7 n.4, p.591-627, November 2004
	Lars Grunske , David Joyce, Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles, Journal of Systems and Software, v.81 n.8, p.1327-1345, August, 2008
	Guy Helmer , Johnny Wong , Mark Slagell , Vasant Honavar , Les Miller , Yanxin Wang , Xia Wang , Natalia Stakhanova, Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems, International Journal of Information and Computer Security, v.1 n.1/2, p.109-142, January 2007

INDEX TERMS

Primary Classification:
G. Mathematics of Computing
G.2 DISCRETE MATHEMATICS

Additional Classification:
K. Computing Milieux
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS

General Terms:
Algorithms, Design, Security

Keywords:
attack graph, computer security, network vulnerability

Collaborative Colleagues:

Cynthia Phillips: colleagues

Laura Painton Swiler: colleagues

Peer to Peer - Readers of this Article have also read:

Constructing reality Proceedings of the 11th annual international conference on Systems documentation
Douglas A. Powell , Norman R. Ball , Mansel W. Griffiths
The effect of latency on user performance in Warcraft III Proceedings of the 2nd workshop on Network and system support for games
Nathan Sheldon , Eric Girard , Seth Borg , Mark Claypool , Emmanuel Agu
Learning subjective relevance to facilitate information access Proceedings of the fourth international conference on Information and knowledge management
James R. Chen , Nathalie Mathé
Data structures for quadtree approximation and compression Communications of the ACM 28, 9
Hanan Samet
A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee , Huizhu Lu , D. D. Fisher

Adobe Acrobat

QuickTime

Windows Media Player

Real Player