Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2007-03-20
2007-03-20
Moise, Emmanuel L. (Department: 2137)
C726S001000
Reexamination Certificate
active
10734083
ABSTRACT:
Described are techniques used for assessing the security of a network. Pruned attack trees are generated using a forward chaining, breadth-first technique representing the attack paths of a possible attacker in the network. A vulnerability score is determined for each network and attacker starting point using attack loss values assigned to each host and information extracted from the attack tree(s) concerning compromised hosts. Different hypothetical alternatives may be evaluated to improve security of the network and each alternative may be evaluated by recomputing the network vulnerability score and comparing the recomputed score to the original network vulnerability score. Also disclosed is a method for determining end-to-end connectivity of a network. The resulting end-to-end connectivity information is used in generating the pruned attack tree.
REFERENCES:
patent: 5313616 (1994-05-01), Cline et al.
patent: 5850516 (1998-12-01), Schneier
patent: 6836888 (2004-12-01), Basu et al.
patent: 6952779 (2005-10-01), Cohen et al.
patent: 7013395 (2006-03-01), Swiler et al.
patent: 2002/0184504 (2002-12-01), Hughes
patent: 2003/0110288 (2003-06-01), Ramanujan et al.
patent: 2003/0149777 (2003-08-01), Adler
patent: 2004/0199576 (2004-10-01), Tan
patent: 2006/0015943 (2006-01-01), Mahieu
patent: WO 2004/031953 (2004-04-01), None
Steffan, Jan et al., “Collaborative Attack Modeling,” 2002, pp. 1-10.
Tidwell et al., “Modeling Internet Attacks,” Jun. 5-6, 2001, pp. 54-59.
IT Guru: Intelligent Network Management for Enterprises (website: www.opnet.com/products/itguru/home.html), 2003 OPNET Technologies, Inc.
IT Guru: Intelligent Network Management for Enterprises, OPNET Technologies, Inc. (website: www.opnet.com).
Scalable, Graph-Based Network Vulnerability Analysis, by Paul Ammann, Duminda Wijesekera and Saket Kaushik, CCS'02, Nov. 18-22, 2002, Washington, DC.
Attack Trees, Dr. Dobb's Journal Dec. 1999—Modeling Security Threats by Bruce Schneier.
Computer Attack Graph Generation Tool by Laura P. Swiler, Cynthia Phillips, David Ellis and Stefan Chakerian, Sandia National Laboratories, Albuquerque, NM.
Automated Generation and Analysis of Attack Graphs by Oleg Sheyner, Joshua Haines, Somesh Jha, Richard Lippmann and Jeannette M. Wing, Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P'02).
NetSPA: A Network Security Planning Architecture by Michael Lyle Artz, S.B., Computer Science and Engineering, Massachusetts Institute of Technology (2001).
Computer-Attack Graph Generation Tool, Laura P. Swiler et al., Sandia National Laboratories, 2001 IEEE, pp. 307-321.
Scalable, Graph-Based Network Vulnerability Analysis, Paul Ammann et al., ACM Nov. 2002, pp. 217-224.
Artz Michael
Ingols Kyle W.
Kratkiewicz Kendra
Lippmann Richard
Scott Chris
Daly, Crowley & Mofford & Durkee, LLP
Massachusetts Institute of Technology
Moise Emmanuel L.
Pyzocha Michael