skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems

Abstract

We investigate efficient security control methods for protecting against vulnerabilities in networked systems. A large number of interdependent vulnerabilities typically exist in the computing nodes of a cyber-system; as vulnerabilities get exploited, starting from low level ones, they open up the doors to more critical vulnerabilities. These cannot be understood just by a topological analysis of the network, and we use the attack graph abstraction of Dewri et al. to study these problems. In contrast to earlier approaches based on heuristics and evolutionary algorithms, we study rigorous methods for quantifying the inherent vulnerability and hardening cost for the system. We develop algorithms with provable approximation guarantees, and evaluate them for real and synthetic attack graphs.

Authors:
; ; ;
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1334885
Report Number(s):
PNNL-SA-116666
DOE Contract Number:
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: IEEE Symposium on Technologies for Homeland Security (HST 2016), May 10-11, 2016, Waltham, MA
Country of Publication:
United States
Language:
English
Subject:
game theory; attack graphs

Citation Formats

Saha, Sudip, Vullinati, Anil K., Halappanavar, Mahantesh, and Chatterjee, Samrat. Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems. United States: N. p., 2016. Web. doi:10.1109/THS.2016.7568884.
Saha, Sudip, Vullinati, Anil K., Halappanavar, Mahantesh, & Chatterjee, Samrat. Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems. United States. doi:10.1109/THS.2016.7568884.
Saha, Sudip, Vullinati, Anil K., Halappanavar, Mahantesh, and Chatterjee, Samrat. Thu . "Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems". United States. doi:10.1109/THS.2016.7568884.
@article{osti_1334885,
title = {Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems},
author = {Saha, Sudip and Vullinati, Anil K. and Halappanavar, Mahantesh and Chatterjee, Samrat},
abstractNote = {We investigate efficient security control methods for protecting against vulnerabilities in networked systems. A large number of interdependent vulnerabilities typically exist in the computing nodes of a cyber-system; as vulnerabilities get exploited, starting from low level ones, they open up the doors to more critical vulnerabilities. These cannot be understood just by a topological analysis of the network, and we use the attack graph abstraction of Dewri et al. to study these problems. In contrast to earlier approaches based on heuristics and evolutionary algorithms, we study rigorous methods for quantifying the inherent vulnerability and hardening cost for the system. We develop algorithms with provable approximation guarantees, and evaluate them for real and synthetic attack graphs.},
doi = {10.1109/THS.2016.7568884},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Thu Sep 15 00:00:00 EDT 2016},
month = {Thu Sep 15 00:00:00 EDT 2016}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: