Topological Analysis of Network Attack Vulnerability
To understand overall vulnerability to network attack, one must consider attacker exploits not just in isolation, but also in combination. That is, one must analyze how low-level vulnerabilities can be combined to achieve high-level attack goals. In this chapter, we describe a tool that implements an integrated, topological approach to network vulnerability analysis. Our Topological Vulnerability Analysis (TVA) tool automates the labor-intensive type of analysis usually performed by penetration-testing experts. It is ideal for inexpensive what-if analyses of the impact of various network configurations on overall network security. The TVA tool includes modeling of network security conditions and attack techniques (exploits), automatic population of models via the Nessus vulnerability scanner, and analysis of exploit sequences (attack paths) leading to specific attack goals. Moreover, the tool generates a graph of dependencies among exploits that represents all possible attack paths without having to enumerate them. This representation enables highly scalable methods of vulnerability analysis, such as computing network configurations that guarantee the security of given network resources. Finally, this chapter describes some of the open technical challenges for the TVA approach.
Keywords: Network vulnerability analysis; network attack modeling; network hardening
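To make the abstract's two central ideas concrete (an exploit dependency graph that encodes every attack path without enumerating them, and hardening computed from that graph), here is a small worked model. This is an added illustration, not the chapter's TVA tool or its code: the three-host network, the condition names (`exec(h)`, `conn(a,b)`, `vuln_*`, `trust(a,b)`) and the four generic exploit templates are constructed for this example, and the model assumes monotonic attacker progress (a condition, once gained, is never lost), which is what lets the dependency graph stay polynomial in size.

```python
"""
Toy topological vulnerability analysis over an exploit dependency graph.
Added illustration with a constructed network model; not the chapter's code.
Conditions are opaque strings; exploits are requires/provides pairs.
"""
from itertools import combinations

# Constructed sample model: hypothetical hosts h1 (attacker foothold), h2, h3.
# exploit name -> (required conditions, conditions it provides)
EXPLOITS = {
    "ftp_rhosts_h1_h2": ({"exec(h1)", "vuln_ftp(h2)", "conn(h1,h2)"}, {"trust(h1,h2)"}),
    "rsh_trust_h1_h2":  ({"exec(h1)", "trust(h1,h2)"},                {"exec(h2)"}),
    "sshd_bof_h1_h2":   ({"exec(h1)", "vuln_sshd(h2)", "conn(h1,h2)"}, {"exec(h2)"}),
    "db_local_h2_h3":   ({"exec(h2)", "vuln_db(h3)", "conn(h2,h3)"},   {"exec(h3)"}),
}

# Initial network security conditions (what a scanner plus a connectivity model would populate).
INITIAL = {"exec(h1)", "vuln_ftp(h2)", "vuln_sshd(h2)", "conn(h1,h2)",
           "vuln_db(h3)", "conn(h2,h3)"}
GOAL = "exec(h3)"  # the resource whose security we want to guarantee


def build_dependency_graph(initial, exploits):
    """Forward-chain exploits from the initial conditions (monotonic: conditions are never lost).

    Returns (reached conditions, deps) where deps maps each fired exploit to the
    set of exploits that produced at least one of its preconditions. This graph
    implicitly represents all attack paths without listing them.
    """
    reached = set(initial)
    fired = set()
    provided_by = {}  # condition -> exploits that provide it
    changed = True
    while changed:
        changed = False
        for name, (pre, post) in exploits.items():
            if name in fired or not pre <= reached:
                continue
            fired.add(name)
            for c in post:
                provided_by.setdefault(c, set()).add(name)
                if c not in reached:
                    reached.add(c)
                    changed = True
    deps = {name: {e for c in exploits[name][0] for e in provided_by.get(c, ())}
            for name in fired}
    return reached, deps


def attack_paths(initial, exploits, goal):
    """Enumerate minimal exploit sets that derive `goal`, by backward chaining.

    Only needed when an analyst wants explicit paths; the dependency graph above
    already answers reachability and hardening questions without this.
    """
    def solve(cond, used, stack):
        if cond in initial:
            return [used]
        results = []
        for name, (pre, post) in exploits.items():
            if cond not in post or name in stack:   # skip cycles
                continue
            partials = [used | {name}]
            for p in pre:                           # every precondition must be derivable
                partials = [r for partial in partials
                            for r in solve(p, partial, stack | {name})]
            results.extend(partials)
        return results
    return {frozenset(s) for s in solve(goal, frozenset(), frozenset())}


def minimal_hardening(initial, exploits, goal):
    """Smallest sets of initial conditions whose removal makes `goal` unreachable.

    Each returned set is a network configuration change (patch a service, block a
    connection, revoke a foothold) that guarantees the goal resource stays safe.
    Brute force over subsets, smallest first; fine for a toy model.
    """
    found = []
    conds = sorted(initial)
    for k in range(1, len(conds) + 1):
        for combo in combinations(conds, k):
            candidate = set(combo)
            if any(f <= candidate for f in found):   # not minimal, a subset already works
                continue
            reached, _ = build_dependency_graph(initial - candidate, exploits)
            if goal not in reached:
                found.append(candidate)
    return [frozenset(f) for f in found]


if __name__ == "__main__":
    reached, deps = build_dependency_graph(INITIAL, EXPLOITS)
    print("goal reachable:", GOAL in reached)
    for exploit, needs in deps.items():
        print(f"  {exploit} depends on {sorted(needs) or 'initial conditions only'}")
    for path in attack_paths(INITIAL, EXPLOITS, GOAL):
        print("attack path:", sorted(path))
    for fix in minimal_hardening(INITIAL, EXPLOITS, GOAL):
        print("minimal hardening option:", sorted(fix))
```

On this constructed model the dependency graph shows `db_local_h2_h3` depending on either `sshd_bof_h1_h2` or the `ftp_rhosts_h1_h2` then `rsh_trust_h1_h2` chain, and the hardening search reports that patching both h2 services together is a minimal fix, while no single patch on h2 suffices. That is the kind of what-if answer the abstract describes: the graph is built once, and each candidate configuration is evaluated without enumerating attack paths.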