Analyzing Vulnerabilities and Measuring Security Level at Design and Exploitation Stages of Computer Network Life Cycle - Computer Network Security

Information Technology Reference

In-Depth Information

16. Kumar, S., Spafford, E.H.: An Application of Pattern Matching in Intrusion Detection.

Technical Report CSDTR 94 013. Purdue University (1994)

17. Lye, K., Wing J.: Game Strategies in Network Security. International Journal of Informa-

tion Security, February (2005)

18. McNab, C.: Network Security Assessment. O'Reilly Media, Inc. (2004)

19. Moitra, S.D., Konda, S.L.: A Simulation Model for Managing Survivability of Networked

Information Systems, Technical Report CMU/SEI-2000-TR-020, December (2000)

20. Moore, A.P., Ellison, R.J., Linger, R.C.: Attack Modeling for Information Security and

Survivability. Technical Note CMU/SEI-2001-TN-001. March (2001)

21. Nessus Network Auditing. Renaud Deraison. Syngress Publishing, Inc. (2004)

22. Nicol, D.M., Sanders, W.H., Trivedi, K.S.: Model-Based Evaluation: From Dependability

to Security. IEEE Transactions on Dependable and Secure Computing. Vol.1, N.1 ( 2004)

23. Ortalo, R., Dewarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools

for monitoring operational security. IEEE Trans. on Software Engineering, 25(5) (1999)

24. OSVDB: The Open Source Vulnerability Database. http://www.osvdb.org/

25. Peltier, T.R.: Information security risk analysis. Auerbach 2001.

26. Peltier, T.R., Peltier, J., Blackley, J.A.: Managing a Network Vulnerability Assessment.

Auerbach Publications (2003)

27. POSITIF Project leaflet. http://www.positif.org/idissemination.html (2004)

28. RiskWatch users manual. http://www.riskwatch.com

29. Ritchey, R. W., Ammann, P.: Using model checking to analyze network vulnerabilities. Pro-

ceedings of IEEE Computer Society Symposium on Security and Privacy (2000)

30. Rohse, M.: Vulnerability naming schemes and description languages: CVE, Bugtraq,

AVDL and VulnXML. SANS GSEC PRACTICAL (2003)

31. Sademies, A.: Process Approach to Information Security Metrics in Finnish Industry and

State Institutions. VTT Electronics, Espoo. VTT Publications (2004)

32. Schneier, B.: Attack Trees. Dr. Dobb's Journal, vol. 12 (1999)

33. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and

analysis of attack graphs. Proc. of the IEEE Symposium on Security and Privacy (2002)

34. Singh, S., Lyons, J., Nicol, D.M.: Fast Model-based Penetration Testing. Proceedings of

the 2004 Winter Simulation Conference (2004)

35. Steffan, J., Schumacher, M.: Collaborative Attack Modeling. 17th ACM Symposium on

Applied Computing (SAC 2002), Madrid, Spain (2002)

36. Stewart, A.J.: Distributed Metastasis: A Computer Network Penetration Methodology.

Phrack Magazine, 9 (55) (1999)

37. Storms A.: Using vulnerability assessment tools to develop an OCTAVE Risk Profile.

SANS Institute. http://www.sans.org

38. Swiler, L., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool.

DISCEX '01 (2001)

39. Templeton, S.J., Levitt, K.: A Requires/Provides Model for Computer Attacks. Proc. of

the New Security Paradigms Workshop (2000)

40. Yuill, J., Wu, F., Settle, J., Gong, F.: Intrusion-detection for incident-response, using a

military battlefield-intelligence process. Computer Networks, No.34 (2000)

Computer Network Security

Search WWH ::

Custom Search

Home