SAT-solving approaches to context-aware enterprise network security management

IEEE Journal on Selected Areas in Communications

Volumn 27, Issue 3, 2009, Pages 315-322

  Homer, John ^a   Ou, Xinming ^a  

^a KANSAS STATE UNIVERSITY   (United States)

Author keywords

Boolean Satisfiability Problem (SAT); Computer Network Management; Computer Network Security; Risk Analysis; Security

Indexed keywords

ATTACK PATHS; BOOLEAN SATISFIABILITY; BOOLEAN SATISFIABILITY PROBLEM (SAT); COMPLEX TASKS; COMPUTER NETWORK MANAGEMENT; COMPUTER NETWORK SECURITY; CONTEXT-AWARE; ENTERPRISE NETWORKS; ENTERPRISE SYSTEMS; LOGICAL FRAMEWORKS; MISCONFIGURATION; SAT-SOLVING; SECURITY; SECURITY PROBLEMS; USABILITY REQUIREMENTS;

BOOLEAN FUNCTIONS; COMPUTERS; DECISION MAKING; INDUSTRIAL MANAGEMENT; INTERNET; NETWORK MANAGEMENT; RISK ANALYSIS; RISK ASSESSMENT; SAFETY FACTOR;

NETWORK SECURITY;

EID: 64249112993     PISSN: 07338716     EISSN: None     Source Type: Journal    
DOI: 10.1109/JSAC.2009.090407     Document Type: Article

References (23)

1. Stefano Ceri, Georg Gottlob, and Letizia Tanca. What you always wanted to know about Datalog (and never dared to ask). IEEE Trans. Knowledge Data Eng., 1(1):146-166, 1989.
2. Olivier Coudert. On solving covering problems. In 33rd Design Automation Conference (DAC'96), pages 197-202, 1996.
3. Rinku Dewri, Nayot Poolsappasit, Indrajit Ray, and Darrell Whitley. Optimal security hardening using multi-objective optimization on attack tree models of networks. In 14th ACM Conference on Computer and Communications Security (CCS), 2007.
4. Zhaohui Fu and Sharad Malik. On solving the partial MAX-SAT problem. In Armin Biere and Carla P. Gomes, editors, Proc. Theory Applications Satisfiability Testing - SAT 2006, pages 252-265, 2006.
5. Zhaohui Fu and Sharad Malik. Solving the Minimum-Cost Satisfiability problem using SAT based branch and bound search. In Proc.International Conference on Computer-Aided Design (ICCAD), San Jose, CA, USA, 2006.
6. Kyle Ingols, Richard Lippmann, and Keith Piwowarski. Practical attack graph generation for network defense. In 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, December 2006.
7. Sushil Jajodia, Steven Noel, and Brian O'Berry. Topological analysis of network attack vulnerability. In V. Kumar, J. Srivastava, and A. Lazarevic, editors, Managing Cyber Threats: Issues, Approaches and Challanges, chapter 5. Kluwer Academic Publisher, 2003.
8. Somesh Jha, Oleg Sheyner, and Jeannette M.Wing. Two formal analyses of attack graphs. In Proc.15th IEEE Computer Security Foundations Workshop, pages 49-63, Nova Scotia, Canada, June 2002.
9. Xiao Yu Li. Optimization Algorithms for the Minimum-Cost Satisfiability Problem. PhD thesis, North Carolina State University, Raleigh, North Carolina, 2004.
10. Richard Lippmann, Kyle Ingols, Chris Scott, Keith Piwowarski, Kendra Kratkiewicz, Mike Artz, and Robert Cunningham. Validating and restoring defense in depth using attack graphs. In Military Communications Conference (MILCOM), Washington, DC, U.S.A., October 2006.
11. Richard Lippmann and Kyle W. Ingols. An annotated review of past papers on attack graphs. Technical report, MIT Lincoln Laboratory, March 2005.
12. Richard P. Lippmann, Kyle W. Ingols, Chris Scott, Keith Piwowarski, Kendra Kratkiewicz, Michael Artz, and Robert Cunningham. Evaluating and strengthening enterprise network security using attack graphs. Technical Report ESC-TR-2005-064, MIT Lincoln Laboratory, October 2005.
13. Yogesh S. Mahajan, Zhaohui Fu, and Sharad Malik. Zchaff2004: An efficient SAT solver. In Lecture Notes in Computer Science SAT 2004 Special Volume, pages 360-375. LNCS 3542, 2004.
14. Vasco M. Manquinho and Jo ao P. Marques-Silva. Search pruning techniques in SAT-based branch-and-bound algorithmsfor the binate covering problem. IEEE Trans. Computer-Aided Design, 21:505-516, 2002.
15. Vaibhav Mehta, Constantinos Bartzis, Haifeng Zhu, Edmund Clarke, and Jeannette Wing. Ranking attack graphs. In Proc. Recent Advances in Intrusion Detection (RAID), September 2006.
16. Sanjai Narain. Network configuration management via model finding. In Proc. 19th conference on Large Installation System Administration Conference (LISA), 2005.
17. Sanjai Narain, Gary Levin, Vikram Kaul, and Sharad Malik. Declarative infrastructure configuration synthesis and debugging. J. Network Systems and Management, Special Issue on Security Configuration, 2008.
18. Steven Noel, Sushil Jajodia, Brian O'Berry, and Michael Jacobs. Efficient minimum-cost network hardening via exploit dependency graphs. In 19th Annual Computer Security Applications Conference (ACSAC), December 2003.
19. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. A scalable approach to attack graph generation. In 13th ACM Conference on Computer and Communications Security (CCS), pages 336-345, 2006.
20. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. Mul- VAL: A logic-based network security analyzer. In 14th USENIX Security Symposium, 2005.
21. Reginald Sawilla and Xinming Ou. Identifying critical attack assets in dependency attack graphs. In 13th European Symposium on Research in Computer Security (ESORICS), October 2008.
22. Lingyu Wang, Steven Noel, and Sushil Jajodia. Minimum-cost network hardening using attack graphs. Computer Communications, 29:3812- 3824, November 2006.
23. Lingyu Wang, Anoop Singhal, and Sushil Jajodia. Measuring network security using attack graphs. In Third Workshop on Quality of Protection (QoP), 2007.