Extended Abstract: Access Graph Based Risk Analysis for Network Information System

Author

Xiao, Xiaochun ; Zhang, Tiange ; Zhang, Gendu

Author_Institution

Sch. of Compute Sci., Fudan Univ., Shanghai, China

fYear

2008

fDate

13-15 Dec. 2008

Firstpage

129

Lastpage

132

Abstract

Currently, the risk analysis for network Information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk analysis. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk analysis based on the access graph. As a complement to the attack graph approach, the access graph is host-centric approach, which grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. Compared with related works, our approach improves in both performance and computational cost.

Keywords

computer networks; graph theory; information systems; risk analysis; security of data; access graph based risk analysis; attack graph approach; host-centric approach; model-based assessment; network information system security; network vulnerability modeling; Access control; Algorithm design and analysis; Computational efficiency; Computational modeling; Computer networks; Data structures; Information security; Information systems; Polynomials; Risk analysis; access graph; network security; risk analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Security Technology, 2008. SECTECH '08. International Conference on

Conference_Location

Hainan Island

Print_ISBN

978-0-7695-3486-2

Type

conf

DOI

10.1109/SecTech.2008.18

Filename

4725360