DocumentCode :
265658
Title :
Utilizing Attack Graphs to Measure the Efficacy of Security Frameworks across Multiple Applications
Author :
Manning, Francis J. ; Mitropoulos, Frank J.
fYear :
2014
fDate :
6-9 Jan. 2014
Firstpage :
4915
Lastpage :
4920
Abstract :
One of the primary challenges when developing or implementing a security framework for any particular environment is determining the efficacy of the implementation. Does the implementation address all of the potential vulnerabilities in the environment, or are there still unaddressed issues? Further, if there is a choice between two frameworks, what objective measure can be used to compare the frameworks? To address these questions, we propose utilizing a technique of attack graph analysis to map the attack surface of the environment and identify the most likely avenues of attack. We show that with this technique we can quantify the baseline state of an application and compare that to the attack surface after implementation of a security framework, while simultaneously allowing for comparison between frameworks in the same environment or a single framework across multiple applications.
Keywords :
graph theory; security of data; attack graph analysis; attack surface; security frameworks; Authentication; Information security; Measurement; Servers; Software; Vectors; Attack graphs; information security; measurement;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
System Sciences (HICSS), 2014 47th Hawaii International Conference on
Conference_Location :
Waikoloa, HI
Type :
conf
DOI :
10.1109/HICSS.2014.602
Filename :
6759205
Link To Document :
بازگشت