Utilizing Attack Graphs to Measure the Efficacy of Security Frameworks across Multiple Applications
| Title | Utilizing Attack Graphs to Measure the Efficacy of Security Frameworks across Multiple Applications |
| Publication Type | Conference Paper |
| Year of Publication | 2014 |
| Authors | Manning, F.J., Mitropoulos, F.J. |
| Conference Name | System Sciences (HICSS), 2014 47th Hawaii International Conference on |
| Date Published | Jan |
| Keywords | attack graph analysis, Attack Graphs, attack surface, authentication, graph theory, Information security, Measurement, security frameworks, security of data, Servers, Software, Vectors |
| Abstract | One of the primary challenges when developing or implementing a security framework for any particular environment is determining the efficacy of the implementation. Does the implementation address all of the potential vulnerabilities in the environment, or are there still unaddressed issues? Further, if there is a choice between two frameworks, what objective measure can be used to compare the frameworks? To address these questions, we propose utilizing a technique of attack graph analysis to map the attack surface of the environment and identify the most likely avenues of attack. We show that with this technique we can quantify the baseline state of an application and compare that to the attack surface after implementation of a security framework, while simultaneously allowing for comparison between frameworks in the same environment or a single framework across multiple applications. |
| URL | https://ieeexplore.ieee.org/document/6759205/ |
| DOI | 10.1109/HICSS.2014.602 |
| Citation Key | 6759205 |