Vulnerability Take Grant (VTG): An efficient approach to analyze network vulnerabilities

Computers and Security

Volumn 26, Issue 5, 2007, Pages 349-360

  Shahriari, Hamid Reza ^a   Jalili, Rasool ^a  

^a SHARIF UNIVERSITY OF TECHNOLOGY   (Iran)

Author keywords

Access control; Multiphase attack analysis; Network security; Safety problem; Vulnerability; Vulnerability analysis; Vulnerability Take Grant model

Indexed keywords

MULTIPHASE ATTACK ANALYSIS; SAFETY PROBLEM; VULNERABILITY ANALYSIS; VULNERABILITY TAKE GRANT (VTG);

ACCESS CONTROL; ALGORITHMS; GRAPH THEORY; MATHEMATICAL MODELS; NETWORK SECURITY; PROBLEM SOLVING;

INFORMATION SYSTEMS;

EID: 34447521494     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2007.03.002     Document Type: Article

References (36)

1. Ammann P, Wijesekera D, Kaushik S. Scalable, graph-based network vulnerability analysis. In: Proceedings of nineth ACM conference on computer and communications security, Washington, DC; November 2002.
2. Bishop M. Hierarchical take-grant protection systems. In: Proceedings of 8th symposium on operating systems principals; December 1981. p. 107-23.
3. Bishop M. Practical Take-Grant systems: do they exist? Ph.D. thesis, Department of Computer Sciences, Purdue University, West Lafayette, IN 47097; May 1984.
4. Bishop M. Conspiracy and information flow in the Take-Grant protection model. Journal of Computer Security 4 4 (1996) 331-360
5. Bishop M., and Bailey D. A critical analysis of vulnerability taxonomies. Technical report CSE-96-11 (September 1996), Department of Computer Science, University of California at Davis
6. CERT Advisory CA-2000-02. Malicious HTML tags embedded in client web requests [online]. Available from: .
7. Cheops-ng, the network swiss army knife [online]. Available from: .
8. Dacier M., and Deswarte Y. Privilege graph: an extension to the typed access matrix model. Proceedings of third European symposium on research in computer security (ESORICS 94), (Brighton, UK). Lecture Notes in Computer Science: Computer Security 875 (1994) 319-334 [Springer-Verlag]
9. Derasion R. The Nessus attack scripting language reference guide. [online] (2000). Available from:
10. Frank J., and Bishop M. Extending the Take-Grant protection system. Technical Report (1996), Department of Computer Science, University of California at Davis
11. Hansman S., and Hunt R. A taxonomy of network and computer attacks. Journal of Computer Security 24 1 (2005) 31-43
12. Internet Security Systems. System Scanner information [online]. Available from: .
13. Isamil O, Etoh M, Kadobayashi Y. A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability. In: Proceedings of the 18th international conference on advanced information networking and application (AINA'04); 2004.
14. Jones A, Lipton R, Snyder L. A linear time algorithm for deciding security. In: Proceedings of 17th annual symposium on the foundations of computer science; October 1976. p. 33-41.
15. Jones A. Protection mechanism models: their usefulness. Foundations of secure computing (1978), Academic Press, New York City, NY p. 237-54
16. Jha S, Sheyner O, Wing J. Two formal analyses of attack graphs. In: Proceedings of 15th IEEE computer security foundations workshop, Nova Scotia, Canada; June 2002.
17. Jajodia S., Noel S., and O'Berry B. Topological analysis of network attack vulnerability. In: Kumar V., Srivastava J., and Lazarevic A. (Eds). Managing cyber threats: issues, approaches and challenges (2003), Kluwer Academic Publisher
18. Mitre Corporation. Common vulnerabilities and exposure database [online]. Available from: .
19. Noel S, Jajodia S, O'Berry B, Jacobs M. Efficient minimum-cost network hardening via exploit dependency graphs. In: Proceedings of the 19th annual computer security applications conference, Las Vegas, Nevada; December 2003.
20. Noel S, Jajodia S. Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the ACM CCS workshop on visualization and data mining for computer security, Fairfax, Virginia; October 2004.
21. Noel S, Robertson E, Jajodia S. Correlating intrusion events and building attack scenarios through attack graph distances. In: Proceedings of the 20th annual computer security applications conference, Tucson, Arizona; December 2004.
22. Ou X, Govindavajhala S, Appel AW. MulVal: a logic-based network security analyzer. In: Proceedings of 14th USENIX Security Symposium; 2005. p. 113-28.
23. Ritchey RW, Ammann P. Using model checking to analyze network vulnerabilities. In: Proceedings of IEEE symposium on security and privacy; May 2001. p. 156-65.
24. Ryan P., and Schneider S. Modeling and analysis of Security protocols: a CSP approach (2001), Addison-Wesley
25. Ramakrishnan C.R., and Sekar R. Model-based analysis of configuration vulnerabilities. Journal of Computer Security 10 1/2 (2002) 189-209
26. Rohrmair G, Lowe G. Using data-independence in the analysis of intrusion detection systems. In: Workshop on issues in the theory of security (WITS'03), Warsaw, Poland; April 2003.
27. Snyder L. On the synthesis and analysis of protection systems. In: Proceedings of sixth symposium on operating systems principals; November 1977. p. 141-50.
28. Swiler L, Phillips C, Ellis D, Chakerian S. Computer attack graph generation tool. In: Proceedings of DARPA information survivability conference & exposition II; June 2001.
29. Sheyner O, Haines J, Jha S, Lippmann R, Wing J. Automated generation and analysis of attack graphs. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA; 2002.
30. Shapiro J.S. The practical application of a decidable access control model. Technical Report SRL-2003-04 (2003), John Hopkins University
31. SANS Research Center. The SANS top 20 Internet security vulnerabilities [online]. Available from: .
32. Shahriari HR, Jalili R. Using CSP to model and analyze transmission control vulnerabilities within the broadcast network. In: Proceedings of the IEEE international networking and communication conference (INCC'2004); June 2004, p. 42-7.
33. Shahriari HR, Jalili R. Modeling and analyzing network vulnerabilities via a logic-based approach. In: Proceedings of second international symposium of telecommunications (IST 2005), September 10-12; 2005, p. 13-8.
34. Wu M. Hierarchical protection systems. In: Proceedings of 1981 symposium on security and privacy; April 1981. p. 113-23.
35. Wojcik M., Bergeron T., Wittbold T., and Roberge R. Introduction to OVAL: A new language to determine the presence of software vulnerabilities. [online] (November 2003). Available from:
36. Zerkle D, Levitt K. NetKuang - a multi-host configuration vulnerability checker. In: Proceedings of the sixth USENIX UNIX security symposium, San Jose, CA; 1996.