Host-centric model checking for network vulnerability analysis

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2008, Pages 225-234

  Hewett, Rattikorn ^a   Kijsanayothin, Phongphun ^a  

^a Texas Tech University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMBINATORIAL EXPLOSIONS; FORMAL VERIFICATIONS; GRAPH-BASED; MODEL CHECKERS; MODELING APPROACHES; MONOTONICITY; NETWORK VULNERABILITIES; PROBLEM SPACES; QUADRATIC POLYNOMIALS; SCALABILITY PROBLEMS; TIME COMPLEXITY;

COMPUTER APPLICATIONS; SECURITY SYSTEMS;

MODEL CHECKING;

EID: 60649119575     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2008.15     Document Type: Conference Paper

References (32)

1. Akers, S., "Binary Decision Diagrams," IEEE Trans. on Computers, vol. 27, no. 6, pp. 509-516, Jun., 1978.
2. st Annual Computer Security Applications Conference, pp. 72-84, 2005.
3. Ammann, P., D. Wijesekera, and S. Kaushik, "Scalable, graph-based network vulnerability analysis," Proc. of ACM conf. on Comp. & Com. Sec., pp. 217-224, 2002.
4. Biere, A., E. Cimtti, E. Clarke, M. Fujita, and Y. Zhu, "Symbolic model checking using SAT procedures instead of BDDs," Proc. of conf. on Design Automation, pp. 317-320, 1999.
5. Beale, J., R. Deraison, H. Meer, R. Temingh, and C. Walt, Nessus Network Auditing. Syngress Pub., 2004.
6. Bryant, R. E., "Graph-Based Algorithms for Boolean Function Manipul-ation," Trans. on Computers, vol. C-35, no. 8, pp. 677-691, 1986.
7. 20 states and beyond," Proc. of IEEE Symp. on Logic in Computer Science, LICS '90, pp. 428-439, 1990.
8. Chasin S., "Bugtrag mailing list," Avail. on http://www.securityfocus.com/archive/1, Nov, 2007.
9. CIAC - Computer Incident Advisory Capability, Avail. on http://www.ciac.org/ciac/index.html, Nov., 2007.
10. Cimatti, A., E. Clarke, E. Giunchiglia, F. Giunchiglia, M. Pistore, M. Roveri, R. Sebastiani, and A. Tacchella, "NuSMV 2: An OpenSource Tool for Symbolic Model Checking," Proc. of Conf. on Comp. Aided Verif., 2002.
11. Clarke, E., O. Grumberg, and D. Peled, Model Checking. MIT Press, 2000.
12. Clarke, E. and J. Wing, "Formal methods: state of the art and future directions," Comp. Surveys, vol. 28, 1996.
13. Clarke, E., O. Grumberg, and D. Long, "Model checking and abstraction," ACM Trans. Prog. Lang. Syst., vol. 16, 1994.
14. Godefroid, P., Partial-Order Methods for the Verification of Concurrent Systems: An Approach to the State-Explosion Problem, Springer-Verlag New York, 1996.
15. Klaus, C., "Internet Security System," Avail. on http://www.iss.net, November, 2007.
16. Jajodia, S., S. Noel, and B. O'Berry, "Topological Analysis of Network Attack Vulnerability," Managing Cyber Threats: Issues, Approaches and Challenges, Springer 2005.
17. Jha, S., O. Sheyner, and J. Wing, "Two formal analyses of attack graphs," Proceedings of the 15th IEEE Computer Security Foundations Workshop, pp. 49-63, 2002.
18. Ingols, K., R. Lippmann, and K. Piwowarski, "Practical Attack Graph Generation for Network Defense," Proc. of Comp. Sec. App. Conf., pp. 121-130, 2006.
19. Lapin, L., Statistics for Modern Business Decisions, Harcourt Brace Jovanovich, Inc., 1973.
20. Lippmann, R., K. Ingols, C. Scott, K. Piwowarski, K. Kratkiewicz, M. Artz, and R. Cunningham, "Validating and Restoring Defense in Depth Using Attack Graphs," Proc. of the Military Com. Conf., pp. 1-10, 2006.
21. McMillan, K., "Symbolic Model Checking: An Approach to the State Explosion Problem," Ph.D. Diss., Carnegie Mellon U., Pittsburgh, PA, USA, 1992.
22. Mell, P., and T. Grance, "NVD National Vulnerability Database," Avail. on http://nvd.nist.gov, Nov., 2007.
23. Noel, S. and S. Jajodia, "Managing attack graph complexity through visual hierarchical aggregation," Proc. of the ACM workshop on Visualization and data mining for computer security, 2004.
24. Ou, X., W. Boyer, and M. McQueen, "A scalable approach to attack graph generation," Proc. of ACM conf. on Comp. and Com. Security, pp. 336-345, 2006.
25. Phillips, C. and L. Swiler, "A graph-based system for network-vulnerability analysis," Proc. of the workshop on new security paradigms, pp. 71-79, 1998.
26. nd International Workshop on Verification, Model Checking and Abstract Interpretation, 1998.
27. Ritchey, R. and P. Ammann, "Using Model Checking to Analyze Network Vulnerabilities," Proc. of the IEEE Symposium on Security and Privacy, pp. 156-165, 2000.
28. Schnoebelen, P., The complexity of temporal logic model checking, Advanced in Modal Logic, vol. 4, King's College Pub., London, pp. 393-436, 2003.
29. Sheyner, O. and J. Wing, "Tools for Generating and Analyzing Attack Graphs," Proc. of Workshop on Formal Methods for Comp. and Objects, pp. 344-371, 2004.
30. Sheyner, O., J. Haines, S. Jha, R. Lippmann, and J. Wing, "Automated generation and analysis of attack graphs," Proc. of the IEEE Symposium on Security and Privacy, pp. 273-284, 2002.
31. The SMV (Symbolic Model Verifier) System, Avail. on http://www.cs.cmu. edu/~m-odelcheck/smv.html, 2007.
32. Swiler, L., C. Phillips, D. Ellis, and S. Chakerian, "Computer- attack graph generation tool," Proc. DARPA Info. Surv. Conf. & Expo. II, vol. 2, pp. 307-321, 2001.