skip to main content
10.1145/1128817.1128822acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
Article

Attack graph generation and analysis

Published:21 March 2006Publication History

ABSTRACT

Attack graphs represent the ways in which an adversary can exploit vulnerabilities to break into a system. System administrators analyze these attack graphs to understand where their system's weaknesses lie and to help decide which security measures will be effective to deploy. In practice, attack graphs are produced manually by Red Teams. Construction by hand, however, is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes. In this talk I present a technique, based on model checking, for generating attack graphs automatically. I also describe different analyses that system administrators can perform in trading off one security measure for another or in using attack graphs in intrusion detection. Work on generating attack graphs is joint with Somesh Jha and Oleg Sheyner; on analyzing them, joint with Oleg Sheyner and Oren Dobzinski.

References

  1. S. Jha and J. Wing, "Survivability Analysis of Networked Systems," Proceedings of the International Conference on Software Engineering, Toronto, Canada, May 2001. Preliminary version available as CMU-CS-00-168, October 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. S. Jha, O. Sheyner, and J.M. Wing, "Two Formal Analyses of Attack Graphs," Proceedings of the 15th IEEE Computer Security Foundations Workshop, Nova Scotia, Canada, June 2002, pp. 49--63. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. O. Sheyner, J. Scenario Graphs and Attack Graphs, CMU-CS-04-122, Ph.D. thesis, Computer Science Department, Carnegie Mellon, April 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J.M. Wing, "Automated Generation and Analysis of Attack Graphs," Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. O. Sheyner and J.M. Wing, "Tools for Generating and Analyzing Attack Graphs," Proceedings of Workshop on Formal Methods for Components and Objects, 2004, pp. 344--371.Google ScholarGoogle Scholar
  6. J.M. Wing, "Scenario Graphs Applied to Security," Proceedings of Workshop on Verification of Infinite State Systems with Applications to Security, Timisoara, Romania, March 2005. Summary paper.Google ScholarGoogle Scholar

Index Terms

  1. Attack graph generation and analysis

            Recommendations

            Comments

            Login options

            Check if you have access through your login credentials or your institution to get full access on this article.

            Sign in
            • Published in

              cover image ACM Conferences
              ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, computer and communications security
              March 2006
              384 pages
              ISBN:1595932720
              DOI:10.1145/1128817

              Copyright © 2006 ACM

              Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

              Publisher

              Association for Computing Machinery

              New York, NY, United States

              Publication History

              • Published: 21 March 2006

              Permissions

              Request permissions about this article.

              Request Permissions

              Check for updates

              Qualifiers

              • Article

              Acceptance Rates

              Overall Acceptance Rate418of2,322submissions,18%

            PDF Format

            View or Download as a PDF file.

            PDF

            eReader

            View online with eReader.

            eReader