Information Technology Reference
In-Depth Information
rule-based system. For noninterfering rulesets, our algorithms are similar to
monotonicity-based solutions. For arbitrary nonmonotonic rulesets, our algo-
rithms remain ecient in the most common case where if an attacker loses a
previously acquired capability, then the attacker can reacquire it when desired.
The algorithms only backtrack in the event that this does not hold. Our ap-
proach permits the modelling of real-world situations where exploits have the
side-effect of temporarily reducing an attacker's capabilities.
References
1. Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, Graph-Based Network Vul-
nerability Analysis. Proceedings of the 9th ACM conference on Computer and
Communications Security. (2002) 217-224 ACM Press
2. CERT: CERT Advisory CA-2003-07, Remote Buffer Overflow in Sendmail.
http://www.cert.org/advisories/CA-2003-07.html
3. ADM
Crew:
BIND
NXT
Remote
Root
Exploit.
http://adm.freelsd.net/ADM/exploits/t666.c
4. Dacier, M., Deswarte, Y.: Privilege Graph: An Extension to the Typed Access
Matrix Model. In: Gollman, D. (ed.): Proc. Third European Symposium on Re-
search in Computer Security (ESORICS'94). Lecture Notes in Computer Science
875, Springer-Verlag (1994) 317-334
5. Dacier, M., Deswarte, Y., Kaniche, M.: Models and tools for quantitative assess-
ment of operational security. Proceedings IFIP SEC (1996) 177-186
6. Jha, S., Sheyner, O., Wing, J.M.: Minimization and Reliability Analyses of Attack
Graphs. Technical Report CMU-CS-02-109, School of Computer Science, Carnegie
Mellon University. (February 2002)
7. Jha, S., Sheyner, O., Wing, J.M.: Two Formal Analyses of Attack Graphs. In
Proceedings of the 2002 Computer Security Foundations Workshop, Nova Scotia,
Canada (June 2002) 45-59
8. Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with Quantitative Evalu-
ation Tools for Monitoring Operational Security. IEEE Transactions on Software
Engineering, Vol. 25(5) (September/October 1999) 633-650
9. Phillips, C., L. Painton Swiler: A Graph-Based System for Network-Vulnerability
Analysis. Proceedings of the 1998 workshop on New Security Paradigms. ACM
Press, Charlottesville, VA, USA (1998) 71-79
10. Ramakrishnan, C.R., Sekar, R.: Model-based Vulnerability Analysis of Computer
Systems. Proceedings of the 2nd International Workshop on Verification, Model
Checking and Abstract Interpretation (September 1998)
11. Ramakrishnan, C.R., Sekar, R.: Model-Based Analysis of Configuration Vulnera-
bilities. Journal of Computer Security. Vol. 10 (1-2) IOS Press (2002) 189-209
12. Ramsdell, J.: Penetration Analysis Application. The MITRE Corporation. (April
2001)
13. Ritchey, R., O'Berry, B., Noel, S.: Representing TCP/IP Connectivity for Topo-
logical Analysis of Network Security. 18th Annual Computer Security Applications
Conference. (December 2002)
14. Ritchey, R.W., Ammann, P.: Using Model Checking to Analyze Network Vulner-
abilities. Proceedings of the IEEE Symposium on Security and Privacy. (2000)
156-165
Search WWH ::




Custom Search