Method and tool for network vulnerability analysis

Swiler, Laura Painton; Phillips, Cynthia A

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Method and tool for network vulnerability analysis

Abstract

A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

Inventors:

Swiler, Laura Painton ^[1]; Phillips, Cynthia A ^[1]

Albuquerque, NM

Issue Date:: Tue Mar 14 00:00:00 EST 2006

Research Org.:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 908549

Patent Number(s):: 7013395

Application Number:: 09/805,640

Assignee:: Sandra Corporation (Albuquerque, NM)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1433 - {Vulnerability analysis}
H04L63/1441 - {Countermeasures against malicious traffic

Show less

DOE Contract Number:: AC04-94AL85000

Resource Type:: Patent

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Swiler, Laura Painton, and Phillips, Cynthia A. Method and tool for network vulnerability analysis.  United States: N. p., 2006. 
        Web.

Copy to clipboard


                    Swiler, Laura Painton, & Phillips, Cynthia A. Method and tool for network vulnerability analysis.  United States.

Copy to clipboard


                    Swiler, Laura Painton, and Phillips, Cynthia A. Tue .  
        "Method and tool for network vulnerability analysis".  United States.  https://www.osti.gov/servlets/purl/908549.

Copy to clipboard


                    
@article{osti_908549,

  title        = {Method and tool for network vulnerability analysis},

  author       = {Swiler, Laura Painton and Phillips, Cynthia A},

  abstractNote = {A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue Mar 14 00:00:00 EST 2006},

  month        = {Tue Mar 14 00:00:00 EST 2006}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

A graph-based system for network-vulnerability analysis
conference, January 1998

Phillips, Cynthia; Swiler, Laura Painton
Proceedings of the 1998 workshop on New security paradigms - NSPW '98
https://doi.org/10.1145/310889.310919

Experimenting with quantitative evaluation tools for monitoring operational security
journal, January 1999

Ortalo, R.; Deswarte, Y.; Kaaniche, M.
IEEE Transactions on Software Engineering, Vol. 25, Issue 5
https://doi.org/10.1109/32.815323

Shortest paths algorithms: Theory and experimental evaluation
journal, May 1996

Cherkassky, Boris V.; Goldberg, Andrew V.; Radzik, Tomasz
Mathematical Programming, Vol. 73, Issue 2
https://doi.org/10.1007/BF02592101

A graph-based network-vulnerability analysis system
report, January 1998

Swiler, L. P.; Phillips, C.; Gaylor, T.
https://doi.org/10.2172/573291

Approximation algorithms for shortest path motion planning
conference, January 1987

Clarkson, K.
Proceedings of the nineteenth annual ACM conference on Theory of computing - STOC '87
https://doi.org/10.1145/28395.28402

On suboptimal alignments of biological sequences
book, January 1993

Naor, Dalit; Brutlag, Douglas
Combinatorial Pattern Matching
https://doi.org/10.1007/BFb0029805

Similar Records in DOE Patents and OSTI.GOV collections:

Neural network system and methods for analysis of organic materials and structures using spectral data

Patent Meyer, Bernd J [Athens, GA]; Sellers, Jeffrey P [Suwanee, GA]; Thomsen, Jan U [Fredricksberg, DK]

Apparatus and processes for recognizing and identifying materials. Characteristic spectra are obtained for the materials via spectroscopy techniques including nuclear magnetic resonance spectroscopy, infrared absorption analysis, x-ray analysis, mass spectroscopy and gas chromatography. Desired portions of the spectra may be selected and then placed in proper form and format for presentation to a number of input layer neurons in an offline neural network. The network is first trained according to a predetermined training process; it may then be employed to identify particular materials. Such apparatus and processes are particularly useful for recognizing and identifying organic compounds such as complex carbohydrates,more » « less
Full Text Available
Method for securing a network using cyber economic network transaction security (CENTS)

Patent Teuton, Jeremy R.; Markwort, Jeromy M.

A method and system for administering an interactive computer network and more particularly to performing security in a network of interactive electronic components, such as a computer network using a currency-based transactional economy model where scarcity serves as a limiting factor to accessing and engaging in various activities within the system.
Full Text Available
Communication devices for network-hopping communications and methods of network-hopping communications

Patent Buttles, John W [Idaho Falls, ID]

Wireless communication devices include a software-defined radio coupled to processing circuitry. The processing circuitry is configured to execute computer programming code. Storage media is coupled to the processing circuitry and includes computer programming code configured to cause the processing circuitry to configure and reconfigure the software-defined radio to operate on each of a plurality of communication networks according to a selected sequence. Methods for communicating with a wireless device and methods of wireless network-hopping are also disclosed.
Full Text Available
Communication devices for network-hopping communications and methods of network-hopping communications

Patent Buttles, John W

Wireless communication devices include a software-defined radio coupled to processing circuitry. The system controller is configured to execute computer programming code. Storage media is coupled to the system controller and includes computer programming code configured to cause the system controller to configure and reconfigure the software-defined radio to operate on each of a plurality of communication networks according to a selected sequence. Methods for communicating with a wireless device and methods of wireless network-hopping are also disclosed.
Full Text Available
Apparatus and method for fusion of compute and switching functions of exascale system into a single component by using configurable network-on-chip fabric with distributed dual mode input-output ports and programmable network interfaces

Patent Khare, Surhud; Somasekhar, Dinesh; More, Ankit; ...

Described is an apparatus which comprises: a Network-On-Chip fabric using crossbar switches, having distributed ingress and egress ports; and a dual-mode network interface coupled to at least one crossbar switch, the dual-mode network interface is to include: a dual-mode circuitry; a controller operable to: configure the dual-mode circuitry to transmit and receive differential signals via the egress and ingress ports, respectively, and configure the dual-mode circuitry to transmit and receive signal-ended signals via the egress and ingress ports, respectively.
Full Text Available

Similar Records

Title: Method and tool for network vulnerability analysis

Abstract

Citation Formats

A graph-based system for network-vulnerability analysis conference, January 1998

Experimenting with quantitative evaluation tools for monitoring operational security journal, January 1999

Shortest paths algorithms: Theory and experimental evaluation journal, May 1996

A graph-based network-vulnerability analysis system report, January 1998

Approximation algorithms for shortest path motion planning conference, January 1987

On suboptimal alignments of biological sequences book, January 1993

A graph-based system for network-vulnerability analysis
conference, January 1998

Experimenting with quantitative evaluation tools for monitoring operational security
journal, January 1999

Shortest paths algorithms: Theory and experimental evaluation
journal, May 1996

A graph-based network-vulnerability analysis system
report, January 1998

Approximation algorithms for shortest path motion planning
conference, January 1987

On suboptimal alignments of biological sequences
book, January 1993