Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs

Steven Noel; Michael Jacobs; Sushil Jajodia; Brian O'Berry

doi:10.1109/CSAC.2003.1254313

A
ACSAC
2003
19th Annual Computer Security Applications Conference (ACSAC '03)
Abstract - Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Steven Noel Articles by Sushil Jajodia Articles by Brian O'Berry Articles by Michael Jacobs

19th Annual Computer Security Applications Conference (ACSAC '03)

Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs

Las Vegas, Nevada

December 08-December 12

ISBN: 0-7692-2041-3

	ASCII Text	x
	Steven Noel, Sushil Jajodia, Brian O'Berry, Michael Jacobs, "Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs," Computer Security Applications Conference, Annual, pp. 86, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003.

	BibTex	x
	@article{ 10.1109/CSAC.2003.1254313, author = {Steven Noel and Sushil Jajodia and Brian O'Berry and Michael Jacobs}, title = {Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2003}, issn = {1063-9527}, pages = {86}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254313}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs SN - 1063-9527 SP EP A1 - Steven Noel, A1 - Sushil Jajodia, A1 - Brian O'Berry, A1 - Michael Jacobs, PY - 2003 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Steven Noel, George Mason University

Sushil Jajodia, George Mason University

Brian O'Berry, George Mason University

Michael Jacobs, George Mason University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254313

In-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack paths (combinations of exploits), from which one can decide whether a given set of network hardening measures guarantees the safety of given critical resources. We go beyond attack paths to compute actual sets of hardening measures (assignments of initial network conditions) that guarantee the safety of given critical resources. Moreover, for given costs associated with individual hardening measures, we compute assignments that minimize overall cost. By doing our minimization at the level of initial conditions rather than exploits, we resolve hardening irrelevancies and redundancies in a way that cannot be done through previously proposed exploit-level approaches. Also, we use an efficient exploit-dependency representation based on monotonic logic that has polynomial complexity, as opposed to many previous attack graph representations having exponential complexity.

Citation:

Steven Noel, Sushil Jajodia, Brian O'Berry, Michael Jacobs, "Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs," acsac, pp.86, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.