Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Measuring the Overall Security of Network Configurations Using Attack Graphs

Published

Author(s)

Lingyu Wang, Anoop Singhal, Sushil Jajodia

Abstract

Today?s computer systems face sophisticated intrusions during which multiple vulnerabilities are combined for reaching an attack goal. To quantitatively assess the security of a network, one must first understand the interplay between vulnerabilities and how they can be combined for an attack. In this paper, we propose an attack resistance metric for assessing and comparing the security of different network configurations. The metric is based on intuitive properties derived from common sense. We describe the metric at an abstract level as two composition operators with features to express additional constraints. It is our belief that the metric will lead to novel quantitative approaches to vulnerability analysis, network hardening and attack responses.
Proceedings Title
Conference on Data and Applications Security | Annual | 21st | 2007 | IFIP
Conference Dates
July 8-11, 2007
Conference Location
, USA
Conference Title
21st Annual IFIP Conference on Data and Applications Security

Keywords

Attack Graphs, Information Security Metrics, Vulnerability Analysis, Network Hardening

Citation

Wang, L. , Singhal, A. and Jajodia, S. (2007), Measuring the Overall Security of Network Configurations Using Attack Graphs, Conference on Data and Applications Security | Annual | 21st | 2007 | IFIP, , USA (Accessed December 11, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created July 26, 2007, Updated October 12, 2021