tailieunhanh - Scenario Graphs Applied to Network Security

IDC believes that multilayered security solutions offer enterprises a cost-effective and multifaceted alternative to enhance overall infrastructure security posture and improve customer and management confidence levels. By adopting an overwatch architecture with additional security layers that detect and remediate threats that have bypassed perimeter and content security, security managers can reduce the risks of breaches and infections associated with existing unknown security gaps and vulnerabilities. By advancing enterprise security with a multilayered security architecture combined with vendor-supplied security support services, businesses are able to clearly show their commitment to meeting and exceeding today's established best practices in security. . | Scenario Graphs Applied to Network Security Jeannette M. Wing Computer Science Department Carnegie Mellon University 5000 Forbes Avenue Pittsburgh PA 15213 wing@ Abstract. Traditional model checking produces one counterexample to illustrate a violation of a property by a model of the system. Some applications benefit from having all counterexamples not just one. We call this set of counterexamples a scenario graph. In this chapter we present two different algorithms for producing scenario graphs and explain how scenario graphs are a natural representation for attack graphs used in the security community. Through a detailed concrete example we show how we can model a computer network and generate and analyze attack graphs automatically. The attack graph we produce for a network model shows all ways in which an intruder can violate a given desired security property. 1 Overview Model checking is a technique for determining whether a formal model of a system satisfies a given property. If the property is false in the model model checkers typically produce a single counterexample. The developer uses this counterexample to revise the model or the property which often means fixing a bug in the design of the system. The developer then iterates through the process rechecking the revised model against the possibly revised property. Sometimes however we would like all counterexamples not just one. Rather than produce one example of how the model does not satisfy a given property why not produce all of them at once We call the set of all counterexamples a scenario graph. For a traditional use of model checking . to find bugs each path in the graph represents a counterexample . a failure scenario. In our application to security each path represents an attack a way in which an intruder can attack a system. Attack graphs are a special case of scenario graphs. This chapter first gives two algorithms for producing scenario graphs. The first algorithm was published .