Protection of computer networks from malicious intrusions is critical to the economy and security of our nation. The objective of this talk is to give an overview of the techniques and challenges for security risk analysis of computer networks. A standard model for security analysis will enable us to answer questions such as “are we more secure than yesterday?” or “how does the security of one network configuration compare with another one?” In this talk, we will present a methodology for security risk analysis that is based on the model of attack graphs and the Common Vulnerability Scoring System (CVSS). Our techniques analyze all attack paths through a network by which an attacker could reach a certain goal.
Keywords: Network Security, Attack Graphs, Risk Analysis
Dr. Anoop Singhal is currently a Senior Computer Scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. He has more than 30 years of research experience at NIST, George Mason University and AT&T Bell Labs. His research interests are in cyber security, active cyber defense, cloud computing security and machine learning systems. He is a member of ACM and a senior member of the IEEE, and he has co-authored over 60 technical papers in leading conferences and journals. He has taught several graduate-level courses in Computer Science as adjunct faculty and given talks at RSA, IEEE and ACM conferences. He has two patents in the area of attack graphs, and he has also co-edited a book on Secure Cloud Computing and Network Security Metrics.