Extending logical attack graphs for efficient vulnerability analysis

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 63-73

  Saha, Diptikalyan ^a  

^a MOTOROLA INC   (United States)

Author keywords

Attack graphs; Incremental analysis; Logic programming

Indexed keywords

ATTACK GRAPH; ATTACK GRAPHS; ENTERPRISE NETWORKS; INCREMENTAL ALGORITHM; INCREMENTAL ANALYSIS; LOGICAL CHARACTERIZATION; MULTI-STAGE; NETWORK ADMINISTRATOR; OPERATING SYSTEMS; PARAMETER CHANGES; REAL NETWORKS; SECURITY POLICY; VULNERABILITY ANALYSIS;

COMPUTER OPERATING SYSTEMS;

LOGIC PROGRAMMING;

EID: 67349085826     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1455770.1455780     Document Type: Conference Paper

References (39)

1. www.physorg.com/newsl24982803.html.
2. www.skyboxsecurity.com.
3. U. A. Acar, G. E. Blelloch, and R. Harper. Adaptive functional programming. In ACMPOPL, volume 37, pages 247-259, New York, NY, USA, 2002. ACM Press.
4. TM.
5. Paul Ammann, Duminda Wijesekera, and Saket Kaushik. Scalable, graph-based network vulnerability analysis. In CCS '02, pages 217-224, New York, NY, USA, 2002. ACM Press.
6. G. Cohen et. al. System and method for risk detection and analysis in a computer network united states patent 6,952,779, October 2005.
7. Sudhakar Govindavajhala and Andrew Appel. A Windows access control demystified. Tech. rep., princeton university, 2006.
8. A. Gupta, I. S. Mumick, and V. S. Subrahmanian. Maintaining views incrementally. In SIGMOD, pages 157-166, 1993.
9. Ingols K., Lippmann R., and Piwowarski K. Practical attack graph generation for network defense. In Computer Security Applications Conference, 2006.
10. R. Lippmann and K. Ingols. An annotated review of past papers on attack graphs. Technical report, MIT Lincoln Laboratory, USA, March 2005.
11. J. W. Lloyd. Foundations of Logic Programming. Springer, 1984.
12. Prasad Naldurg, Stefan Schwoon, Sriram Rajamani, and John Lambert. Netra:: seeing through access control. In FMSE '06: Proceedings of the fourth ACM workshop on Formal methods in security, pages 55-66, New York, NY, USA, 2006. ACM.
13. Steven Noel, Michael Jacobs, Pramod Kalapa, and Sushil Jajodia. Multiple coordinated views for network attack graphs. In VizSEC, page 12, 2005.
14. Steven Noel and Sushil Jajodia. Managing attack graph complexity through visual hierarchical aggregation. In VizSEC, pages 109-118, 2004.
15. Steven Noel and Sushil Jajodia. Understanding complex network attack graphs through clustered adjacency matrices. In ACSAC, pages 160-169, 2005.
16. X. Ou, S. Govindavajhala, and A. W. Appel. MulVAL: A logic-based network security analyzer. In 14th USENIX Security Symposium. Society for Industrial and Applied Mathematics, 2005.
17. Xinming Ou. A Logic-Programming Approach to Network Security Analysis. PhD thesis, Department of Computer Science, Princeton University, USA, November 2005.
18. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. A scalable approach to attack graph generation. In CCS '06, pages 336-345, New York, NY, USA, 2006. ACM Press.
19. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. Mulval: a logic-based network security analyzer. In SSYM'05: Proceedings of the 14th conference on USENIX Security Symposium, pages 8-8, Berkeley, CA, USA, 2005. USENIX Association.
20. R. Paige and S. Koenig. Finite differencing of computable expressions. TOPLAS, 4(3):402-454, 1982.
21. Lippmann R., Ingols K., Scott C, Piwowarski K., Kratkiewicz K., and Cunningham R. Validating and restoring defense in depth using attack graphs. In MTLCOM, 2006.
22. C. R. Ramakrishnan and R. Sekar. Model-based analysis of configuration vulnerabilities. Journal of Computer Security (JCS), 10(1 / 2): 189-209, 2002.
23. T. Reps, T. Teitelbaum, and A. Demers. Incremental context-dependent analysis for language-based editors. ACM Trans. Program. Lang. Syst, 5(3):449-477, 1983.
24. K. Sagonas, Terrace Swift, and D. S. Warren. XSB as an efficient deductive database engine. In ACM SIGMOD, pages 442-453. ACM, 1994.
25. D. Saha and C. R. Ramakrishnan. Incremental evaluation of tabled logic programs. In International Conference on Logic Programming, volume 2916 of LNCS, pages 389-406, 2003.
26. D. Saha and C. R. Ramakrishnan. Incremental and demand-driven points-to analysis using logic programming. In Principles and Practice of Declarative Programming. ACM Press, 2005.
27. D. Saha and C. R. Ramakrishnan. Incremental evaluation of tabled prolog: Beyond pure logic programs. In Practical Aspects of Declarative Languages, volume 3819 of LNCS, pages 215-229, Charleston, South Carolina, Jan 2006.
28. Beata Sama-Starosta and Scott D. Stoller. Policy analysis for security-enhanced linux. In Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS), pages 1-12, April 2004. Available at http://www.cs.sunysb.edu/̃stoller/WITS2004.html.
29. Oleg Sheyner, Somesh Jha, and Jeannette M. Wing. Automated generation and analysis of attack graphs. In Proceedings of the IEEE Symposium on Security and Privacy, May 2002.
30. Anu Singh, C. R. Ramakrishnan, I. V. Ramakrishnan, Scott Stoller, and David S. Warren. Security policy analysis using deductive spreadsheets. In 5th ACM Workshop on Formal Methods in Security Engineering (FMSE), Alexandria, Virginia, Nov 2007.
31. O. V. Sokolsky and S. A. Smolka. Incremental model checking in the modal mu-calculus. In CAV, volume 818 of LNCS, pages 351-363, 1994.
32. Vipin Swamp, Sushil Jajodia, and Joseph Pamula. Rule-based topological vulnerability analysis. In MMM-ACNS, pages 23-37, 2005.
33. H. Tamaki and T. Sato. OLDT resolution with tabulation. In International Conference on Logic Programming, pages 84-98, 1986.
34. uDraw(Graph). Available at http://www.informatik.uni-bremen.de/ uDrawGraph/en/uDrawGraph/uDrawGraph.html.
35. J.D. Ullman. Principles of Database and Knowledge-base Systems, Volume II. Computer Science Press, 1989.
36. Lingyu Wang, Anyi Liu, and Sushil Jajodia. Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Computer Communications, 29(15):2917-2933, 2006.
37. Lingyu Wang, Steven Noel, and Sushil Jajodia. Minimum-cost network hardening using attack graphs. Comput. Commun., 29(18):3812-3824, 2006.
38. Lingyu Wang, Chao Yao, Anoop Singhal, and Sushil Jajodia. Interactive analysis of attack graphs using relational queries. In DBSec, pages 119-132, 2006.
39. XSB. The XSB logic programming system. Available at http://xsb. sourceforge.net.