A framework for establishing, assessing, and managing trust in inter-organizational relationships

DOI: 10.1145/1180367.1180374

Published: 03 November 2006

Abstract

In this paper, we present an efficient, novel framework for establishing, assessing, and managing trust in inter-organizational relationships, in terms of allowable network sharing, that is based on analyzing an invariance property of a computer network environment. Our goal is to answer the following two questions: (1) From any given host in one network, what level of access, direct or indirect, is implied to each host in another network? This addresses the consequences of connecting two networks on access levels between networks. (2) What are the effects, in terms of access internal to a given network, of connecting to another network? This addresses the consequences of connecting two networks on access levels internal to a given network. Answers to these questions allow an informed business decision to be made as to whether the proposed network sharing should be allowed, and, if so, what the consequences of this network sharing are. We utilize the host-centric model in the design of our model to compactly represent and efficiently analyze the access graphs of shared network environments. We present an efficient algorithm for computing the highest achievable accesses between host pairs that are within a network and that are accessible between the shared networks due to an interconnecting edge. We use the algorithm to assess the consequences of the proposed network sharing accesses.
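The two questions in the abstract can be illustrated on a toy access graph. This is an added example, not the paper's algorithm or code: the access levels, the pivot rule (USER or better on a host lets its accesses be reused), the host names and the sample edges are all assumptions made for illustration.

```python
from itertools import product

# Assumed ordered access levels; the abstract does not enumerate them.
NONE, CONNECT, USER, ADMIN = range(4)
PIVOT = USER  # assumption: USER or better on a host lets you launch from it

def closure(hosts, direct):
    """Highest achievable access (direct or indirect) for each ordered host pair."""
    best = {(s, d): direct.get((s, d), NONE)
            for s, d in product(hosts, repeat=2) if s != d}
    # Floyd-Warshall-style pass: 'mid' is the outermost loop variable.
    for mid, src, dst in product(hosts, repeat=3):
        if len({mid, src, dst}) == 3 and best[src, mid] >= PIVOT:
            best[src, dst] = max(best[src, dst], best[mid, dst])
    return best

def assess(net_a, net_b, internal, link):
    """Return (cross-network access, internal pairs whose access rises)."""
    hosts = list(net_a) + list(net_b)
    before = closure(hosts, internal)               # networks kept separate
    after = closure(hosts, {**internal, **link})    # proposed sharing applied

    def same_net(s, d):
        return (s in net_a) == (d in net_a)

    # Question 1: access implied from hosts in one network to hosts in the other.
    cross = {p: lvl for p, lvl in after.items()
             if not same_net(*p) and lvl > NONE}
    # Question 2: access internal to a network that rises because of the link.
    raised = {p: (before[p], after[p]) for p in after
              if same_net(*p) and after[p] > before[p]}
    return cross, raised

# Constructed sample data: two two-host networks and a proposed sharing link.
NET_A, NET_B = ("a1", "a2"), ("b1", "b2")
INTERNAL = {("a1", "a2"): USER, ("a2", "a1"): CONNECT,
            ("b1", "b2"): ADMIN, ("b2", "b1"): USER}
LINK = {("a2", "b1"): USER, ("b2", "a1"): ADMIN}

if __name__ == "__main__":
    cross, raised = assess(NET_A, NET_B, INTERNAL, LINK)
    for (s, d), lvl in sorted(cross.items()):
        print(f"cross    {s} -> {d}: level {lvl}")
    for (s, d), (old, new) in sorted(raised.items()):
        print(f"internal {s} -> {d}: level {old} -> {new}")
```

In the sample data, a2 holds only CONNECT on a1 inside network A, but the proposed link lets it reach ADMIN on a1 by way of b1 and b2, which is the kind of internal consequence the second question asks about.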


Cited By

  • (2008) Towards an agent based framework for the design of secure web services. Proceedings of the 2008 ACM workshop on Secure web services, pages 81-86. DOI: 10.1145/1456492.1456505. Online publication date: 31-Oct-2008


Published In

SWS '06: Proceedings of the 3rd ACM workshop on Secure web services
November 2006
120 pages
ISBN:1595935460
DOI:10.1145/1180367
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. access graphs
  2. attack graphs
  3. exploit
  4. network security
  5. network sharing
  6. scalability
  7. vulnerability

Qualifiers

  • Article

Conference

CCS06