U.S. Department of Energy
Office of Scientific and Technical Information

Method and tool for network vulnerability analysis

Patent · OSTI ID: 908549

A computer system analysis tool and method that allows qualitative and quantitative assessment of security attributes and vulnerabilities in systems, including computer networks. The invention is based on generation of attack graphs in which each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or an unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. An attack graph is generated by matching information about attack requirements (specified in "attack templates") against information about the computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High-risk attack paths, which are those considered best suited to the application of attack countermeasures given limited resources for applying them, are identified by finding "epsilon-optimal paths."
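The abstract describes three inputs (attack templates, a configuration file, an attacker profile), a state-graph generated by matching them, weighted edges, and a search for epsilon-optimal paths. The following Python model is an added illustration of that pipeline and is not the patent's or Sandia's own code: the network facts, template names, capability names and effort values are all constructed and hypothetical, and "epsilon-optimal" is taken here to mean any path whose total effort is within a factor of (1 + epsilon) of the cheapest path to the goal.

```python
"""Toy attack-graph generator (constructed example, not the patented tool's code).

A state is a frozenset of facts: what the attacker has achieved so far plus the
current system configuration. Configuration facts can be removed by an action,
modelling the abstract's "configuration file updated during the course of an attack".
"""
from collections import deque
from dataclasses import dataclass
from heapq import heappop, heappush
from typing import Optional


@dataclass(frozen=True)
class AttackTemplate:
    """One attack step: what it needs, what it changes, and its edge weight."""
    name: str
    requires: frozenset                # facts that must hold in the current state
    capability: Optional[str]          # attacker-profile capability needed (None = any)
    adds: frozenset                    # facts established by the action
    removes: frozenset = frozenset()   # configuration facts the action invalidates
    effort: float = 1.0                # edge weight: hypothetical "attacker effort" in hours


# Constructed configuration file for a hypothetical two-host network.
CONFIG = frozenset({
    "reachable(dmz_web)", "service(dmz_web,http)", "unpatched(dmz_web)",
    "reachable_from(dmz_web,db)", "weak_password(db)", "stored_creds(dmz_web)",
})
# Constructed attacker profile: capabilities the analyst assumes the attacker has.
PROFILE = frozenset({"exploit_skill", "password_guessing"})
INITIAL = CONFIG | {"access(internet,none)"}
GOAL = "access(db,admin)"

# Constructed attack templates; effort values are arbitrary illustrative weights.
TEMPLATES = [
    AttackTemplate("exploit_web_service",
                   frozenset({"reachable(dmz_web)", "service(dmz_web,http)", "unpatched(dmz_web)"}),
                   "exploit_skill", frozenset({"access(dmz_web,user)"}),
                   removes=frozenset({"service(dmz_web,http)"}),  # service goes down: config changes
                   effort=4.0),
    AttackTemplate("escalate_on_web", frozenset({"access(dmz_web,user)"}), None,
                   frozenset({"access(dmz_web,root)"}), effort=3.0),
    AttackTemplate("pivot_to_db", frozenset({"access(dmz_web,user)", "reachable_from(dmz_web,db)"}),
                   None, frozenset({"reach(db)"}), effort=1.0),
    AttackTemplate("guess_db_password", frozenset({"reach(db)", "weak_password(db)"}),
                   "password_guessing", frozenset({"access(db,admin)"}), effort=6.0),
    AttackTemplate("reuse_stored_db_credentials",
                   frozenset({"access(dmz_web,root)", "stored_creds(dmz_web)", "reach(db)"}),
                   None, frozenset({"access(db,admin)"}), effort=1.0),
]


def generate_attack_graph(initial, templates, profile):
    """Breadth-first expansion: nodes are states, edges are template applications whose
    preconditions match both the current state and the attacker profile."""
    nodes, edges = {initial}, []          # edges: (src_state, template, dst_state)
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for t in templates:
            if t.capability is not None and t.capability not in profile:
                continue                  # attacker profile rules this step out
            if not t.requires <= state or t.adds <= state:
                continue                  # preconditions unmet, or nothing new to gain
            nxt = (state - t.removes) | t.adds
            edges.append((state, t, nxt))
            if nxt not in nodes:
                nodes.add(nxt)
                queue.append(nxt)
    return nodes, edges


def shortest_cost(initial, edges, goal):
    """Dijkstra over the weighted graph: minimum total effort to any state containing
    the goal fact, or None if the goal is unreachable for this profile."""
    adj = {}
    for src, t, dst in edges:
        adj.setdefault(src, []).append((t.effort, dst))
    counter = 0                           # tie-breaker: frozensets are not orderable
    dist, heap = {initial: 0.0}, [(0.0, counter, initial)]
    while heap:
        cost, _, state = heappop(heap)
        if cost > dist.get(state, float("inf")):
            continue
        if goal in state:
            return cost
        for effort, dst in adj.get(state, []):
            if cost + effort < dist.get(dst, float("inf")):
                dist[dst] = cost + effort
                counter += 1
                heappush(heap, (cost + effort, counter, dst))
    return None


def epsilon_optimal_paths(initial, edges, goal, eps):
    """All goal-reaching paths with total effort <= (1 + eps) * optimum, sorted by cost.
    These are the high-risk paths a defender would consider first for countermeasures."""
    best = shortest_cost(initial, edges, goal)
    if best is None:
        return []
    budget = (1 + eps) * best
    adj = {}
    for src, t, dst in edges:
        adj.setdefault(src, []).append((t, dst))
    paths = []

    def dfs(state, cost, steps):
        if goal in state:
            paths.append((cost, steps))
            return
        for t, dst in adj.get(state, []):
            if cost + t.effort <= budget:   # every effort is positive, so this terminates
                dfs(dst, cost + t.effort, steps + [t.name])

    dfs(initial, 0.0, [])
    return sorted(paths)


if __name__ == "__main__":
    _, edges = generate_attack_graph(INITIAL, TEMPLATES, PROFILE)
    for cost, steps in epsilon_optimal_paths(INITIAL, edges, GOAL, eps=0.25):
        print(f"{cost:5.1f}  " + " -> ".join(steps))
```

Raising epsilon widens the set of paths reported: at 0.1 only the two orderings of the cheapest route (effort 9) appear, while at 0.25 the costlier password-guessing route (effort 11) is included as well. Removing "password_guessing" from the attacker profile drops that route entirely, which is how the profile input shapes the graph rather than just the weights.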

Research Organization: Sandia National Laboratories (SNL-NM), Albuquerque, NM
Sponsoring Organization: United States Department of Energy
DOE Contract Number: AC04-94AL85000
Assignee: Sandia Corporation (Albuquerque, NM)
Patent Number(s): 7,013,395
Application Number: 09/805,640
OSTI ID: 908549
Country of Publication: United States
Language: English

References (7)

- Approximation algorithms for shortest path motion planning (conference, January 1987)
- Experimenting with quantitative evaluation tools for monitoring operational security (journal, January 1999)
- Shortest paths algorithms: Theory and experimental evaluation (journal, May 1996)
- A graph-based network-vulnerability analysis system (report, January 1998)
- Models and tools for quantitative assessment of operational security (book, January 1996)
- A graph-based system for network-vulnerability analysis (conference, January 1998)
- On suboptimal alignments of biological sequences (book, January 1993)

Similar Records

- A graph-based system for network-vulnerability analysis (Conference, 1 June 1998, OSTI ID: 672082)
- A graph-based network-vulnerability analysis system (Technical Report, 31 December 1997, OSTI ID: 573291)
- A graph-based network-vulnerability analysis system (Conference, 3 May 1998, OSTI ID: 645475)