Scalable, graph-based network vulnerability analysis

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2002, Pages 217-224

  Ammann, Paul ^a   Wijesekera, Duminda ^a   Kaushik, Saket ^a  

^a George Mason University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; COMPUTATIONAL COMPLEXITY; ELECTRONIC COMMERCE; JAVA PROGRAMMING LANGUAGE; POLYNOMIALS; SECURITY OF DATA; TREES (MATHEMATICS);

GRAPH-BASED NETWORK; MONOTONICITY; VULNERABILITY;

NETWORK PROTOCOLS;

EID: 0038687692     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/586110.586140     Document Type: Conference Paper

References (17)

1. R. Baldwin. Kuang: Rule based security checking. Technical report, MIT Lab for Computer Science, Programming Systems Research Group, May 1994.
2. Computer Oracle and Password System (COPS). ftp.cert.org/pub/tools/cops.
3. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (Oakland 2002)
4. Network associates: CyberCop Scanner. www.nai.com/asp_set/products/tns/ccscanner_intro.asp.
5. M. Dacier, Y. Deswartes, and M. Kaaniche. Quantitive assessment of operational security models and tools. Technical Report Research Report 96493, LAAS, May 1996.
6. J. Dawkins, C. Campbell, and J. Hale. Modeling network attacks: Extending the attack tree paradigm. In Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, Johns Hopkins University, June 2002. Center for Informaion Security, University of Tulsa.
7. S. Jha, O. Sheyner, and J. Wing. Minimization and reliability analysis of attack graphs. Technical Report CMU-CS-02-109, School of Computer Science, Carnegie Mellon University, February 2002.
8. S. Jha, O. Sheyner, and J. Wing. Two formal analyses of attack graphs. In Proceedings of the 2002 Computer Security Foundations Workshop, pages 45-59, Nova Scotia, June 2002.
9. R. Ortalo, Y. Deswarte, and M. Kaaniche. Experimenting with quantitative evaluation tools for monitoring operational security, IEEE Transactions on Software Engineering, 25(5): 633-650, September/October 1999.
10. C. Phillips, and L. Swiler. A graph-based system for network-vulnerability analysis. In Proceedings of the New Security Paradigms Workshop, pages 71-79. Charlottesville, VA 1998.
11. C. Ramakrishnan and R. Sekar. Model-based vulnerability analysis of computer systems. In Proceedings of the 2nd International Workshop on Verification, Model Checking and Abstract Interpretation, September 1998.
12. R.W. Ritchey and P. Ammann. Using model checking to analyze network vulnerabilities. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (Oakland 2000), pages 156-165, Oakland, CA, May 2000.
13. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. Wing. Automated generation and analysis of attack graphs. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (Oakland 2002), Oakland. CA, May 2002.
14. L. Swiler, C. Phillips, D. Ellis, and S. Chakerian. Computer-attack graph generation tool. In Proceedings DISCEX '01: DARPA Information Survivability Conference & Exposition II, pages 307-321, June 2001.
15. Internet security systems: System Scanner. www.iss.net.
16. S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of the New Security Paradigms Workshop, Cork, Ireland, September 2000. http://seclab.cs.ucdavis.edu/papers/NP2000-rev.pdf.
17. D. Zerkle and K. Levitt. Netkuang - A multi-host configuration vulnerability checker. In Proceedings of the 6th USENIX Unix Security Symposium, San Jose, CA, 1996.