In measuring the overall security of a network, a crucial issue is to correctly compose the measure of individual components. Incorrect compositions may lead to misleading results. For example, a network with less vulnerabilities or a more diversified configuration is not necessarily more secure. To obtain correct compositions of individual measures, we need to first understand the interplay between network components. For example, how vulnerabilities can be combined by attackers in advancing an intrusion. Such an understanding becomes possible with recent advances in modeling network security using attack graphs. Based on our experiences with attack graph analysis, we propose an integrated framework for measuring various aspects of network security. We first outline our principles andmethodologies. We then describe concrete examples to buildintuitions. Finally, we present our formal framework. It is our belief that metrics developed based on the proposed framework will lead to novel quantitative approaches to vulnerability analysis, network hardening, and attack response.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Paul Ammann , Duminda Wijesekera , Saket Kaushik, Scalable, graph-based network vulnerability analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586140]
	2	Applied Computer Security Associates. Workshop on. In Information Security System Scoring and Ranking, 2001.
	3	D. Balzarotti, M. Monga, and S. Sicari. Assessing the risk of using vulnerable components. In Proceedings of the 1st Workshop on Quality of Protection, 2005.
	4	P. Balzarotti, M. Monga, and S. Sicari. Assessing the risk of using vulnerable components. In Proceedings of the 2nd ACM workshop on Quality of protection, 2005.
	5	Thomas Beth , Malte Borcherding , Birgit Klein, Valuation of Trust in Open Networks, Proceedings of the Third European Symposium on Research in Computer Security, p.3-18, November 07-09, 1994
	6	Peter Chapin , Christian Skalka , X. Sean Wang, Risk assessment in distributed authorization, Proceedings of the 2005 ACM workshop on Formal methods in security engineering, November 11-11, 2005, Fairfax, VA, USA  [doi>10.1145/1103576.1103581]
	7	M. Dacier. Towards quantitative evaluation of computer security. Ph.D. Thesis, Institut National Polytechnique de Toulouse, 1994.
	8	M. Dacier, Y. Deswarte, and M. Kaaniche. Quantitative assessment of operational security: Models and tools. Technical Report 96493, 1996.
	9	D. Farmer and E.H. Spafford. The COPS security checker system. In USENIX Summer, pages 165--170, 1990.
	10	K.S. Hoo. Metrics of network security. White Paper, 2004.
	11	M. Howard, J. Pincus, and J. Wing. Measuring relative attack surfaces. In Workshop on Advanced Developments in Software and Systems Security, 2003.
	12	S. Jajodia, S. Noel, and B. O'Berry. Topological analysis of network attack vulnerability. In V. Kumar, J. Srivastava, and A. Lazarevic, editors, Managing Cyber Threats: Issues, Approaches and Challenges. Kluwer Academic Publisher, 2003.
	13	Pratyusa Manadhata , Jeannette Wing , Mark Flynn , Miles McQueen, Measuring the attack surfaces of two FTP daemons, Proceedings of the 2nd ACM workshop on Quality of protection, October 30-30, 2006, Alexandria, Virginia, USA  [doi>10.1145/1179494.1179497]
	14	Steven Noel , Eric Robertson , Sushil Jajodia, Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances, Proceedings of the 20th Annual Computer Security Applications Conference, p.350-359, December 06-10, 2004  [doi>10.1109/CSAC.2004.11]
	15	Steven Noel , Sushil Jajodia , Brian O'Berry , Michael Jacobs, Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs, Proceedings of the 19th Annual Computer Security Applications Conference, p.86, December 08-12, 2003
	16	National Institute of Standards and Technology. Technology assessment: Methods for measuring the level of computer security. NIST Special Publication 500-133, 1985.
	17	Rodolphe Ortalo , Yves Deswarte , Mohamed Kaâniche, Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security, IEEE Transactions on Software Engineering, v.25 n.5, p.633-650, September 1999  [doi>10.1109/32.815323]
	18	J. Wing P. Manadhata. Measuring a system's attack surface. Technical Report CMU-CS-04-102, 2004.
	19	J. Wing P. Manadhata. An attack surface metric. Technical Report CMU-CS-05-155, 2005.
	20	J. Wing P. Manadhata. An attack surface metric. In First Workshop on Security Metrics (MetriCon), 2006.
	21	Joseph Pamula , Sushil Jajodia , Paul Ammann , Vipin Swarup, A weakest-adversary security metric for network configuration security analysis, Proceedings of the 2nd ACM workshop on Quality of protection, October 30-30, 2006, Alexandria, Virginia, USA  [doi>10.1145/1179494.1179502]
	22	Cynthia Phillips , Laura Painton Swiler, A graph-based system for network-vulnerability analysis, Proceedings of the 1998 workshop on New security paradigms, p.71-79, September 22-26, 1998, Charlottesville, Virginia, United States  [doi>10.1145/310889.310919]
	23	C. R. Ramakrishnan , R. Sekar, Model-based analysis of configuration vulnerabilities, Journal of Computer Security, v.10 n.1-2, p.189-209, 2002
	24	Michael K. Reiter , Stuart G. Stubblebine, Authentication metric analysis and design, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.138-158, May 1999  [doi>10.1145/317087.317088]
	25	Ronald W. Ritchey , Paul Ammann, Using Model Checking to Analyze Network Vulnerabilities, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.156, May 14-17, 2000
	26	Oleg Sheyner , Joshua Haines , Somesh Jha , Richard Lippmann , Jeannette M. Wing, Automated Generation and Analysis of Attack Graphs, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.273, May 12-15, 2002
	27	M. Swanson, N. Bartol, J. Sabato, J. Hash, and L. Graffo. Security metrics guide for information technology systems. NIST Special Publication 800-55, 2003.
	28	L. Swiler, C. Phillips, D. Ellis, and S. Chakerian. Computer attack graph generation tool. In Proceedings of the DARPA Information Survivability Conference & Exposition II (DISCEX'01), 2001.
	29	L. Wang, A. Liu, and S. Jajodia. An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS 2005), pages 247--266, 2005.
	30	Lingyu Wang , Steven Noel , Sushil Jajodia, Minimum-cost network hardening using attack graphs, Computer Communications, v.29 n.18, p.3812-3824, November, 2006  [doi>10.1016/j.comcom.2006.06.018]
	31	Lingyu Wang , Steven Noel , Sushil Jajodia, Minimum-cost network hardening using attack graphs, Computer Communications, v.29 n.18, p.3812-3824, November, 2006  [doi>10.1016/j.comcom.2006.06.018]
	32	L. Wang, A. Singhal, and S. Jajodia. Measuring the overall security of network configurations using attack graphs. In Proceedings of 21th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2007), 2007.
	33	L. Wang, C. Yao, A. Singhal, and S. Jajodia. Interactive analysis of attack graphs using relational queries. In Proceedings of 20th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2006), pages 119--132, 2006.
	34	Dan Zerkle , Karl Levitt, NetKuang: a multi-host configuration vulnerability checker, Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, p.20-20, July 22-25, 1996, San Jose, California