From Attack Graphs to Automated Configuration Management — An Iterative Approach

Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1) automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and 2) enable a user to use the information in an attack graph to reach appropriate configuration decisions, through a configuration generator that can be iteratively trained by the user to understand a wide range of constraints in configuring an enterprise system, such as usability requirements and trade-offs that need to be made between the cost of security hardening measures and the cost of potential damage. We believe both methods are important steps toward achieving automatic configuration management for large enterprise networks. We implemented our methods using one of the existing attack-graph toolkits. Initial experimentation shows that the proposed approaches can 1) significantly reduce the complexity of attack graphs by trimming a large portion of the graph that is not needed for a user to understand the security problem, and 2) automatically provide reasonable suggestions for resolving the security problem.
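The abstract describes two mechanisms: trimming the parts of an attack graph that do not bear on the security problem, and a configuration generator that weighs hardening cost against potential damage and takes user constraints into account over several rounds. The following Python is an added example written for this page; it is not code from the paper or from the attack-graph toolkit it builds on. The attack graph (a small AND/OR dependency graph in the style of a logic-based analyzer), the per-fact hardening costs, the damage value and the brute-force search are all constructed for illustration, and the reachability-based trimming rule and the exhaustive cost search are assumed stand-ins, not the paper's own trimming criterion or generator.

```python
from itertools import combinations

# Constructed sample attack graph (not from the paper). Derived facts are OR
# nodes: true if any rule deriving them fires. Rules are AND nodes: they fire
# when every precondition holds. Leaf facts are either attacker-controlled
# (always true) or configuration facts a defender can change at a cost.
RULES = {
    "r1": (["attackerLocated(internet)", "hacl(internet,web,80)", "vulnExists(web)"], "execCode(web)"),
    "r2": (["execCode(web)", "hacl(web,db,3306)", "vulnExists(db)"], "execCode(db)"),
    "r3": (["attackerLocated(internet)", "hacl(internet,db,3306)", "vulnExists(db)"], "execCode(db)"),
    # r4 leads to a host nobody cares about; trimming should drop it.
    "r4": (["attackerLocated(internet)", "hacl(internet,printer,9100)", "vulnExists(printer)"], "execCode(printer)"),
}
INITIAL = {"attackerLocated(internet)"}
# Assumed hardening cost of removing each configuration fact (patch, firewall rule).
CONFIG_COST = {
    "hacl(internet,web,80)": 10, "vulnExists(web)": 3,
    "hacl(web,db,3306)": 5, "vulnExists(db)": 4,
    "hacl(internet,db,3306)": 2,
    "hacl(internet,printer,9100)": 1, "vulnExists(printer)": 1,
}


def derive(disabled):
    """Forward-chain to a fixpoint; return every fact the attacker can reach
    once the configuration facts in `disabled` have been removed."""
    facts = set(INITIAL) | (set(CONFIG_COST) - set(disabled))
    changed = True
    while changed:
        changed = False
        for pre, post in RULES.values():
            if post not in facts and all(p in facts for p in pre):
                facts.add(post)
                changed = True
    return facts


def relevant_rules(goal):
    """Trim: keep only rules that lie on some derivation of `goal`
    (a simple backward-reachability criterion, assumed for this example)."""
    keep, frontier = set(), {goal}
    while frontier:
        fact = frontier.pop()
        for name, (pre, post) in RULES.items():
            if post == fact and name not in keep:
                keep.add(name)
                frontier.update(pre)
    return keep


def best_hardening(goal, damage, forbidden=frozenset()):
    """Exhaustive search over the trimmed configuration facts for the
    disable-set minimising hardening cost plus damage (charged only if the
    goal stays reachable). `forbidden` holds facts the user has ruled out,
    e.g. a patch that would break a legacy application."""
    relevant = relevant_rules(goal)
    candidates = [c for c in CONFIG_COST
                  if c not in forbidden and any(c in RULES[r][0] for r in relevant)]
    best = (frozenset(), float("inf"))
    for k in range(len(candidates) + 1):
        for subset in combinations(candidates, k):
            cost = sum(CONFIG_COST[c] for c in subset)
            if goal in derive(subset):
                cost += damage
            if cost < best[1]:
                best = (frozenset(subset), cost)
    return best


if __name__ == "__main__":
    goal = "execCode(db)"
    print("rules kept after trimming:", sorted(relevant_rules(goal)))
    # Round 1: no constraints; the generator's first suggestion.
    print("round 1:", best_hardening(goal, damage=100))
    # Round 2: the user rejects patching the database host.
    print("round 2:", best_hardening(goal, damage=100, forbidden={"vulnExists(db)"}))
    # Round 3: the user also revises the damage estimate downwards.
    print("round 3:", best_hardening(goal, damage=4, forbidden={"vulnExists(db)"}))
```

Each round re-runs the search with the constraints accumulated so far, which is the iterative loop the abstract describes in miniature: the first suggestion is the single cheapest cut, the second round finds the cheapest combination that avoids the rejected change, and the third round shows the trade-off tipping the other way once the damage estimate falls below the cheapest remaining hardening cost, at which point the generator recommends no change at all. The exhaustive subset search is fine for a handful of facts but grows exponentially; the paper's reference list points to SAT-based minimum-cost solvers for graphs of realistic size.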
