Abstraction-based analysis of known and unknown vulnerabilities of critical information infrastructures

International Journal of System of Systems Engineering

Volumn 1, Issue 1-2, 2008, Pages 59-77

  Rieke, Roland ^a  

^a FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY SIT   (Germany)

Author keywords

Attack simulation; Critical infrastructure protection; Network security policies; Risk assessment; Security modelling and simulation; Threats analysis; Unknown vulnerabilities

Indexed keywords

EID: 67349217470     PISSN: 17480671     EISSN: 1748068X     Source Type: Journal    
DOI: 10.1504/IJSSE.2008.018131     Document Type: Article

References (22)

1. Alpern, B. and Schneider, F.B. (1985) 'Defining liveness', Information Processing Letters, Vol. 21, No.4, pp.181-185.
2. Ammann, P., Wijesekera, D. and Kaushik, S. (2002) 'Scalable, graph-based network vulnerability analysis', Proceedings of the 9th ACM Conference on Computer and Communications Security, New York, NY: ACM Press, pp.217-224.
3. Eilenberg, S. (1974) Automata, Languages and Machines, Vol. A, New York: Academic Press.
4. Cuppens, F., Cuppens-Boulahia, N., Sans, T. and Miège, A. (2004) 'A formal approach to specify and deploy a network security policy', Second Workshop on Formal Aspects in Security and Trust (FAST).
5. Jha, S., Sheyner, O. and Wing, J.M. (2002) 'Two formal analyses of attack graphs', 15th IEEE Computer Security Foundations Workshop (CSFW-15 2002), 24-26 June 2002, Cape Breton, Nova Scotia, Canada: IEEE Computer Society pp.49-63.
6. Kotenko, I. and Stepashkin, M. (2006) 'Analyzing network security using malefactor action graphs', International Journal of Computer Science and Network Security, Vol. 6.
7. Kotenko, I. and Ulanov, A. (2007) 'Multi-agent framework for simulation of adaptive cooperative defense against internet attacks', Proceedings of International Workshop on Autonomous Intelligent Systems Agents and Data Mining (AIS-ADM-07). Lecture Notes in A rtificial Intelligence, Vol. 4476.
8. Morin, B., Mé, L., Debar, H. and Ducassé, M. (2002) 'M2d2: A formal data model for ids alert correlation', Recent Advances in Intrusion Detection, 5th International Symposium, RAID 2002, Zurich, Switzerland, 16-18 October 2002, Proceedings Volume 2516 of Lecture Notes in Computer Science, pp. 115-137.
9. Nitsche, U. and Ochsenschläger, P. (1996) 'Approximately satisfied properties of systems and simple language homomorphisms', Information Processing Letters, Vol. 60, pp.201-206.
10. Noel, S. and Jajodia, S. (2004) 'Managing attack graph complexity through visual hierarchical aggregation', VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, New York, NY: ACM Press, pp. 109-118.
11. Noel, S., Jacobs, M., Kalapa, P., and Jajodia, S. (2005) 'Multiple coordinated views for network attack graphs', IEEE Workshop on Visualization for Computer Security (VizSec '05), Los Alamitos, CA: IEEE Computer Society.
12. Ochsenschläger, P. (1994) 'Verification of cooperating systems by simple homomorphisms using the product net machine', in J. Desel, A. Oberweis and W. Reisig (Eds). Workshop: Algorithmen und Werkzeuge für Petrinetze, Humboldt Universität Berlin, pp.48-53.
13. Ochsenschläger, P., Repp, J., Rieke, R., and Nitsche, U. (1999) 'The SH- verification tool abstractionbased verification of co-operating systems, formal aspects of computing', The International Journal of Formal Method Vol 11, pp.1-24.
14. Ochsenschläger, P., Repp, J. and Rieke, R. (2000a) 'The SH- verification tool', Proceedings of 13th International Florida Artificial Intelligence Research Society Conference (FLAIRS-2000), Orlando, FL: AAAI Press, pp. 18-22
15. Ochsenschläger, P., Repp, J. and Rieke, R. (2000b) 'Verification of cooperating systems - an approach based on formal languages', Proceedings of 13th International Florida Artificial Intelligence Research Society Conference (FLAIRS-2000), Orlando, FL: AAAI Press, pp.346-350.
16. Ochsenschläger, P. and Rieke, R. (2007) 'Abstraction based verification of a parameterised policy controlled system', International Conference "Mathematical Methods, Models and Architectures for Computer Networks Security" (MMM-ACNS-07), Vol. 1 of CCIS, Springer.
17. Phillips, C.A. and Swiler, L.P. (1998) 'A graph-based system for network-vulnerability analysis', NSPW '98, Proceedings of the 1998 Workshop on New Security Paradigms, 22-25 September, 1998, Charlottsville, VA: ACM Press, pp.71-79.
18. Rieke, R. (2004) 'Tool based formal modelling, analysis and visualisation of enterprise network vulnerabilities utilising attack graph exploration', in U.E. Gattiker (Ed). Eicar 2004 Conference CD-rom: Best Paper Proceedings, Copenhagen, EICAR e.V.
19. Rieke, R. (2006) 'Modelling and analysing network security policies in a given vulnerability setting', Critical Information Infrastructures Security, First International Workshop, CRITIS 2006, Samos Island, Greece, Vol. 4347 of LNCS, Springer, pp.67-78.
20. Schiffmann, M. (2005) 'A complete guide to the common vulnerability scoring system (CVSS)' Available at: http://www.first.org/cvss/cvss-guide.html.
21. Sheyner, O., Haines, J.W., Jha, S., Lippmann, R. and Wing, J.M. (2002) 'Automated generation and analysis of attack graphs', 2002 IEEE Symposium on Security and Privacy, 12-15 May, 2002, Berkeley, CA: IEEE Comp. Soc. Press, pp.273-284.
22. Swiler, L.P., Phillips, C., Ellis, D. and Chakerian, S. (2001) 'Computer-attack graph generation tool', DARPA Information Survivability Conference and Exposition (DISCEX II'01) Vol. 2, 12-14 June, 2001, Anaheim, CA: IEEE Computer Society, pp. 1307-1321.