OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Method and tool for network vulnerability analysis

Abstract

A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

Inventors:
 [1];  [1]
  1. Albuquerque, NM
Publication Date:
Research Org.:
Sandia National Laboratories (SNL-NM), Albuquerque, NM
Sponsoring Org.:
USDOE
OSTI Identifier:
908549
Patent Number(s):
7,013,395
Application Number:
09/805,640
Assignee:
Sandia Corporation (Albuquerque, NM) ALO
DOE Contract Number:  
AC04-94AL85000
Resource Type:
Patent
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Swiler, Laura Painton, and Phillips, Cynthia A. Method and tool for network vulnerability analysis. United States: N. p., 2006. Web.
Swiler, Laura Painton, & Phillips, Cynthia A. Method and tool for network vulnerability analysis. United States.
Swiler, Laura Painton, and Phillips, Cynthia A. Tue . "Method and tool for network vulnerability analysis". United States. https://www.osti.gov/servlets/purl/908549.
@article{osti_908549,
title = {Method and tool for network vulnerability analysis},
author = {Swiler, Laura Painton and Phillips, Cynthia A},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2006},
month = {3}
}
