Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications

Francis J. Manning; Frank J. Mitropoulos

doi:10.1109/HICSS.2014.602

Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications

Francis J. Manning
, Frank J. Mitropoulos

Nova Southeastern University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

One of the primary challenges when developing or implementing a security framework for any particular environment is determining the efficacy of the implementation. Does the implementation address all of the potential vulnerabilities in the environment, or are there still unaddressed issues? Further, if there is a choice between two frameworks, what objective measure can be used to compare the frameworks? To address these questions, we propose utilizing a technique of attack graph analysis to map the attack surface of the environment and identify the most likely avenues of attack. We show that with this technique we can quantify the baseline state of an application and compare that to the attack surface after implementation of a security framework, while simultaneously allowing for comparison between frameworks in the same environment or a single framework across multiple applications.

Original language	English
Title of host publication	Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014
Publisher	IEEE Computer Society
Pages	4915-4920
Number of pages	6
ISBN (Print)	9781479925049
DOIs	https://doi.org/10.1109/HICSS.2014.602
State	Published - Jan 1 2014
Event	47th Hawaii International Conference on System Sciences, HICSS 2014 - Waikoloa, HI, United States Duration: Jan 6 2014 → Jan 9 2014

Publication series

Name	2014 47th Hawaii International Conference on System Sciences

Conference

Conference	47th Hawaii International Conference on System Sciences, HICSS 2014
Country/Territory	United States
City	Waikoloa, HI
Period	1/6/14 → 1/9/14

ASJC Scopus Subject Areas

General Engineering

Access to Document

10.1109/HICSS.2014.602

Cite this

Manning, F. J., & Mitropoulos, F. J. (2014). Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications. In Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014 (pp. 4915-4920). Article 6759205 (2014 47th Hawaii International Conference on System Sciences). IEEE Computer Society. https://doi.org/10.1109/HICSS.2014.602

Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications. / Manning, Francis J.; Mitropoulos, Frank J.
Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014. IEEE Computer Society, 2014. p. 4915-4920 6759205 (2014 47th Hawaii International Conference on System Sciences).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Manning, FJ & Mitropoulos, FJ 2014, Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications. in Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014., 6759205, 2014 47th Hawaii International Conference on System Sciences, IEEE Computer Society, pp. 4915-4920, 47th Hawaii International Conference on System Sciences, HICSS 2014, Waikoloa, HI, United States, 1/6/14. https://doi.org/10.1109/HICSS.2014.602

Manning FJ, Mitropoulos FJ. Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications. In Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014. IEEE Computer Society. 2014. p. 4915-4920. 6759205. (2014 47th Hawaii International Conference on System Sciences). doi: 10.1109/HICSS.2014.602

@inproceedings{1f1013877e3f471e8d06a3f9d2863c88,

title = "Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications",

abstract = "One of the primary challenges when developing or implementing a security framework for any particular environment is determining the efficacy of the implementation. Does the implementation address all of the potential vulnerabilities in the environment, or are there still unaddressed issues? Further, if there is a choice between two frameworks, what objective measure can be used to compare the frameworks? To address these questions, we propose utilizing a technique of attack graph analysis to map the attack surface of the environment and identify the most likely avenues of attack. We show that with this technique we can quantify the baseline state of an application and compare that to the attack surface after implementation of a security framework, while simultaneously allowing for comparison between frameworks in the same environment or a single framework across multiple applications. ",

author = "Manning, \{Francis J.\} and Mitropoulos, \{Frank J.\}",

year = "2014",

month = jan,

day = "1",

doi = "10.1109/HICSS.2014.602",

language = "English",

isbn = "9781479925049",

series = "2014 47th Hawaii International Conference on System Sciences",

publisher = "IEEE Computer Society",

pages = "4915--4920",

booktitle = "Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014",

note = "47th Hawaii International Conference on System Sciences, HICSS 2014 ; Conference date: 06-01-2014 Through 09-01-2014",

}

TY - GEN

T1 - Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications

AU - Manning, Francis J.

AU - Mitropoulos, Frank J.

PY - 2014/1/1

Y1 - 2014/1/1

N2 - One of the primary challenges when developing or implementing a security framework for any particular environment is determining the efficacy of the implementation. Does the implementation address all of the potential vulnerabilities in the environment, or are there still unaddressed issues? Further, if there is a choice between two frameworks, what objective measure can be used to compare the frameworks? To address these questions, we propose utilizing a technique of attack graph analysis to map the attack surface of the environment and identify the most likely avenues of attack. We show that with this technique we can quantify the baseline state of an application and compare that to the attack surface after implementation of a security framework, while simultaneously allowing for comparison between frameworks in the same environment or a single framework across multiple applications.

AB - One of the primary challenges when developing or implementing a security framework for any particular environment is determining the efficacy of the implementation. Does the implementation address all of the potential vulnerabilities in the environment, or are there still unaddressed issues? Further, if there is a choice between two frameworks, what objective measure can be used to compare the frameworks? To address these questions, we propose utilizing a technique of attack graph analysis to map the attack surface of the environment and identify the most likely avenues of attack. We show that with this technique we can quantify the baseline state of an application and compare that to the attack surface after implementation of a security framework, while simultaneously allowing for comparison between frameworks in the same environment or a single framework across multiple applications.

U2 - 10.1109/HICSS.2014.602

DO - 10.1109/HICSS.2014.602

M3 - Conference contribution

AN - SCOPUS:84902262557

SN - 9781479925049

T3 - 2014 47th Hawaii International Conference on System Sciences

SP - 4915

EP - 4920

BT - Proceedings of the 47th Annual Hawaii International Conference on System Sciences, HICSS 2014

PB - IEEE Computer Society

T2 - 47th Hawaii International Conference on System Sciences, HICSS 2014

Y2 - 6 January 2014 through 9 January 2014

ER -

Utilizing attack graphs to measure the efficacy of security frameworks across multiple applications

Abstract

Publication series

Conference

ASJC Scopus Subject Areas

Access to Document

Fingerprint

Cite this