Issue title: 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Article type: Research Article
Authors: Wang, Lingyu [a],* | Yao, Chao [b] | Singhal, Anoop [c] | Jajodia, Sushil [d]
Affiliations: [a] Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, H3G 1M8, Canada. E-mail: wang@ciise.concordia.ca | [b] Center for Secure Information Systems, George Mason University, Fairfax, VA 22030-4444, USA. E-mail: cyao@gmu.edu | [c] Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA. E-mail: anoop.singhal@nist.gov | [d] Center for Secure Information Systems, George Mason University, Fairfax, VA 22030-4444, USA. E-mail: jajodia@gmu.edu
Correspondence: [*] Corresponding author: Tel.: +1 514 848 2424 5662, Fax: +1 514 848 3171.
Abstract: An attack graph models the causal relationships between vulnerabilities. Attack graphs have important applications in protecting critical resources in networks against sophisticated multi-step intrusions. Currently, analyses of attack graphs largely depend on proprietary implementations of specialized algorithms. However, developing and implementing algorithms delays the availability of new analyses. The delay is usually unacceptable due to rapidly changing needs in defending against network intrusions. An administrator may want to revise an analysis as soon as its outcome is observed. Such an interactive analysis, similar to that in decision support systems, is desirable but difficult with current approaches based on proprietary implementations of algorithms. This paper addresses the above issue through a relational approach. Specifically, we devise a relational model for representing necessary inputs, such as network configurations and domain knowledge, and we generate attack graphs from these inputs as relational views. We show that typical analyses can be supported through different types of searches in an attack graph, and these searches can be realized as relational queries. Our approach eliminates the need for implementing algorithms, because an analysis is now simply a relational query. The interactive analysis of attack graphs becomes possible, since relational queries can be dynamically constructed and revised at run time. As a side effect, experimental results show that the mature optimization techniques in relational databases can transparently improve the performance of the analysis.
DOI: 10.3233/JCS-2008-0327
Journal: Journal of Computer Security, vol. 16, no. 4, pp. 419-437, 2008
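
An added illustration of the relational approach the abstract describes, not code from the paper: a constructed network is stored in tables, the attacker's reachable privileges and the attack-graph edges are SQL views over them, and a what-if analysis is a table edit followed by the same query. The schema, table and view names, hosts, and the placeholder vulnerabilities vuln_a and vuln_b are assumptions, and each exploit is simplified to one privilege precondition.

```python
import sqlite3
# Hypothetical schema (not the paper's): inputs are tables, the graph is views.
SCHEMA = """
CREATE TABLE conn(src TEXT, dst TEXT);                 -- config: src can reach dst
CREATE TABLE service(host TEXT, vuln TEXT);            -- config: vulnerable service
CREATE TABLE init_priv(host TEXT, priv TEXT);          -- attacker's starting point
CREATE TABLE exploit(vuln TEXT, pre TEXT, post TEXT);  -- domain knowledge
-- Privileges the attacker can obtain, computed to a fixpoint.
CREATE VIEW reach AS
WITH RECURSIVE r(host, priv) AS (
  SELECT host, priv FROM init_priv
  UNION                                   -- UNION dedupes, so cycles terminate
  SELECT c.dst, e.post
  FROM r JOIN conn c    ON c.src = r.host
         JOIN service s ON s.host = c.dst
         JOIN exploit e ON e.vuln = s.vuln AND e.pre = r.priv)
SELECT host, priv FROM r;
-- Attack graph edges: exploit instances whose preconditions all hold.
CREATE VIEW attack_edge AS
SELECT p.host AS src, c.dst AS dst, e.vuln AS vuln, e.post AS gained
FROM reach p JOIN conn c    ON c.src = p.host
             JOIN service s ON s.host = c.dst
             JOIN exploit e ON e.vuln = s.vuln AND e.pre = p.priv;
"""

def build(conn, service, init_priv, exploit):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO conn VALUES (?, ?)", conn)
    db.executemany("INSERT INTO service VALUES (?, ?)", service)
    db.executemany("INSERT INTO init_priv VALUES (?, ?)", init_priv)
    db.executemany("INSERT INTO exploit VALUES (?, ?, ?)", exploit)
    return db

def can_reach(db, host, priv):
    row = db.execute("SELECT 1 FROM reach WHERE host = ? AND priv = ?", (host, priv))
    return row.fetchone() is not None

def demo():
    # Constructed sample network: attacker -> web -> db.
    db = build(conn=[("attacker", "web"), ("web", "db")],
               service=[("web", "vuln_a"), ("db", "vuln_b")],
               init_priv=[("attacker", "user")],
               exploit=[("vuln_a", "user", "user"), ("vuln_b", "user", "root")])
    edges = db.execute("SELECT src, dst, vuln FROM attack_edge ORDER BY src").fetchall()
    before = can_reach(db, "db", "root")
    db.execute("DELETE FROM service WHERE host = 'web'")  # what-if: patch web
    return edges, before, can_reach(db, "db", "root")

if __name__ == "__main__":
    print(demo())
```

Because the views are evaluated at query time, removing the `service` row for `web` changes the answer to the same reachability query without any analysis code being rewritten.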