Cluster Security Research Involving the Modeling of Network Exploitations Using Exploitation Graphs

In this paper, we give an overview of cluster security research underway at Mississippi State University (MSU) and focus on one particular effort: a process for modeling system vulnerabilities and possible exploitations in specific cluster environments using exploitation graphs (e-graphs). Cluster security research at MSU has included attacks against clusters, anomaly detection, sensor fusion, VGLI security functionality in clusters, and the use of known system vulnerability data, system configuration data, and vulnerability scanner results to create e-graphs that model possible attack scenarios. E-graphs are helpful for attacker work factor analysis, cost/benefit analysis of security, detection of attacks, and identification of critical vulnerabilities.
