Vulnerability Analysis of Networked Systems

As networks of hosts continue to grow unboundedly, evaluating their vulnerability to attack becomes increasingly more important to automate. Interconnections between hosts give rise to new global vulnerabilities, those due to unforeseen interactions between local vulnerabilities on individual hosts. An integral part of modeling the global view of network security is constructing attack graphs. In practice, attack graphs are produced manually by Red Teams. Construction by hand, however, is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes. In this talk, based on joint work with Somesh Jha and Oleg Sheyner, I present an automated technique for generating and analyzing attack graphs. We base our technique on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently. By annotating our graphs with probabilities, we can further use value iteration algorithms from Markov Decision Process theory, letting us perform worst-case reliability analysis. System administrators can use our attack graphs to decide which attacks would be most cost-effective to guard against. We implemented our technique in a tool suite. In this talk I illustrate it on a small, but realistic example that includes models of a firewall and an intrusion detection system. Proceedings of the Eleventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE’02) 1080-1383/02 $17.00 © 2002 IEEE