Title :
Computer-attack graph generation tool
Author :
Swiler, Laura P. ; Phillips, Cynthia ; Ellis, David ; Chakerian, Stefan
Author_Institution :
Sandia Nat. Labs., Albuquerque, NM, USA
Abstract :
This paper presents a tool for assessment of security attributes and vulnerabilities in computer networks. The tool generates attack graphs (Phillips and Swiler, 1998). Each node in the attack graph represents a possible attack state. Edges represent a change of state caused by a single action taken by the attacker or unwitting assistant, and are weighted by some metric (such as attacker effort or time to succeed). Generation of the attack graph requires algorithms that match information about attack requirements (specified in attack templates) to information about the network configuration and assumed attacker capabilities (attacker profile). The set of near-optimal shortest paths indicates the most exploitable components of the system configuration. This paper presents the status of the tool and discusses implementation issues, especially focusing on the data input needs and methods for eliminating redundant paths and nodes in the graph
Keywords :
computer networks; graph theory; security of data; telecommunication security; attack templates; computer networks; computer-attack graph generation tool; data input needs; near-optimal shortest paths; network configuration; redundant paths; security attributes; security vulnerabilities; system configuration; Computer networks; Computer security; Computer viruses; Contracts; Costs; Government; Information security; Laboratories; National security; Software tools;
Conference_Titel :
DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings
Conference_Location :
Anaheim, CA
Print_ISBN :
0-7695-1212-7
DOI :
10.1109/DISCEX.2001.932182
