Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2006-03-14
Zand, Kambiz (Department: 2132)
C713S151000, C713S152000, C713S153000, C713S188000
active
07013395
ABSTRACT:
A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in “attack templates”) to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in “attacker profiles”). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding “epsilon optimal paths.”
REFERENCES:
patent: 4009346 (1977-02-01), Parker et al.
patent: 4412285 (1983-10-01), Neches et al.
patent: 5471623 (1995-11-01), Napolitano, Jr.
patent: 5757767 (1998-05-01), Zehavi
patent: 5870564 (1999-02-01), Jensen et al.
patent: 5912753 (1999-06-01), Cotter et al.
patent: 5919257 (1999-07-01), Trostle
patent: 6026444 (2000-02-01), Quattromani et al.
patent: 6067620 (2000-05-01), Holden et al.
patent: 6160651 (2000-12-01), Chang et al.
patent: 6219161 (2001-04-01), Chang et al.
patent: 6343362 (2002-01-01), Ptacek et al.
patent: 6757497 (2004-06-01), Chang et al.
Ortalo, R. Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security 08151998 pp. 633-650.
Clarkson Approximation Algorithms for Shortest Path Motion Planning 1987. ACM. p. 56-65.
L. P. Swiler and C. Phillips, “A Graph-Based System for Network-Vulnerability Analysis”, A paper presented at the New Security Paradigms Workshop '98, Charlottesville, VA, Sep. 22-25, 1998.
L. P. Swiler, C. Phillips, T. Gaylor, “Risk-Based Characterization of Network Vulnerability”, A Conference Presentation at Society for Risk Analysis Annual Meeting in Washington, DC, Dec. 7-10, 1997.
L. P. Swiler, C. Phillips, T. Gaylor, “A Graph-Based Network-Vulnerability Analysis System”, A Conference Paper presented at the 1998 IEEE Symposium on Security and Privacy in Oakland, CA, May 3-6, 1998.
M. Dacier, Y. Deswarte, M. Kaaniche, “Quantitative Assessment of Operational Security: Models and Tools”, LAAS Research Report 96493, May 1996.
S. F. Bush, “Network Vulnerability Analysis Tool Precis”, Bush: Information Warfare Strategy and Control Analysis, Mar. 29, 1999, Draft.
L. P. Swiler, C. Phillips, T. Gaylor, “A Graph-Based Network-Vulnerability Analysis System” Sandia National Laboratories Sandia Report SAND97-3010/1, Jan. 1998.
R. T. Marsh, Chairman, “Critical Foundations, Protecting America's Infrastructures”, The Report of the President's Commission on Critical Infrastructure Protection, Oct. 1997.
R. Ortalo, Y. Deswarte, and M. Kaaniche, “Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security”, IEEE Transactions on Software Engineering, vol. 25, No. 5, Sep./Oct. 1999.
B. V. Cherkassky, A. V. Goldberg, T. Radzik, “Shortest Paths Algorithms: Theory and Experimental Evaluation,” Aug. 3, 1993.
D. Naor and Douglas Brutlag, “On Suboptimal Alignments of Biological Sequences.” No Date.
Phillips Cynthia A.
Swiler Laura Painton
Elliot Russell D.
Sandia Corporation
Zand Kambiz