Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems
We investigate efficient security control methods for protecting against vulnerabilities in networked systems. A large number of interdependent vulnerabilities typically exist in the computing nodes of a cyber-system; as vulnerabilities get exploited, starting from low-level ones, they open the door to more critical vulnerabilities. These dependencies cannot be understood through a topological analysis of the network alone, so we use the attack graph abstraction of Dewri et al. to study these problems. In contrast to earlier approaches based on heuristics and evolutionary algorithms, we study rigorous methods for quantifying the inherent vulnerability and hardening cost for the system. We develop algorithms with provable approximation guarantees, and evaluate them on real and synthetic attack graphs.
- Research Organization: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC05-76RL01830
- OSTI ID: 1334885
- Report Number(s): PNNL-SA-116666
- Resource Relation: Conference: IEEE Symposium on Technologies for Homeland Security (HST 2016), May 10-11, 2016, Waltham, MA
- Country of Publication: United States
- Language: English