These are data structures that model all possible avenues of attacking a network. Two versions have been widely used: (1) The first one is a direct graph where nodes represent network states, and edges represent the application of an exploit that transforms one network state into another, more compromised network state. The ending states of the attack graph represent the network states in which the attacker has achieved his goals. (2) The second one is an attack graph in the form on an exploit dependency graph. This is a direct graph where each node represents a pre- (or, depending on the point of view, a post-) condition of an exploit, and edges represent the consequence of having a true precondition that enables an exploit postcondition.
Published in Chapter:
Methods for Dependability and Security Analysis of Large Networks
Ioannis Chochliouros (OTE S.A., General Directorate for Technology, Greece), Anastasia S. Spiliopoulou (OTE S.A., General Directorate for Regulatory Affairs, Greece), and Stergios P. Chochliouros (Independent Consultant, Greece)
Copyright: © 2009
|Pages: 9
DOI: 10.4018/978-1-60566-014-1.ch125
Abstract
Dependability and security are rigorously related concepts that, however, differ for the specific proprieties they mainly concentrate on. In particular, in most commonly applied cases found in practical design techniques (Piedad & Hawkins, 2000), the dependability concept usually includes the security one, being a superset of it. In typical cases, security mainly comprises the following fundamental characteristics: confidentiality, integrity, and availability. Indeed, dependability mainly encompasses the following attributes (Avizienis, Laprie, Randell, & Landwehr, 2004): (1) availability: readiness for correct service; (2) reliability: continuity of correct service; (3) safety: absence of catastrophic consequences on the user(s) and the environment; (4) confidentiality: absence of unauthorized disclosure of information; (5) integrity: absence of improper system alterations; and (6) maintainability: ability to undergo modifications and repairs. The present work primarily intends to deal with formal methods, appropriate to perform both security and dependability analysis in modern networks. In general, security analysis of great networks takes the form of determining the exploitable vulnerabilities of a network, and intends to provide results or appropriate informative (or occasionally experimental) data about which network nodes can be compromised by exploiting chains of vulnerabilities, as well as specifying which fundamental security properties are altered (e.g., Confidentiality, Integrity, Availability). Therefore, such type of analysis is also referred as “network vulnerability analysis.” On the other hand, dependability analysis of networks typically intends to determine specific dependencies within the nodes (or the services offered) of the (appropriate) underlying network, so as to provide results about the consequences of (potential) faults (on services or hosts) and to find out which among these faults are able to cause unacceptable consequences, in terms of the basic dependability attributes. At this specific evaluation, it should be noted that it is possible to consider attacks (as well as attack consequences) as faults.