Towards automated generation and visualization of hierarchical attack representation models

Fangcheng Jia, Jin B. Hong, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paper

6 Citations (Scopus)

Abstract

Attack Graphs (AGs) are a well-known formalism and there are tools available for AG generation and security risk analysis. The security posture of a networked system can be evaluated via an AG. However, as the size of the system becomes large, the AG suffers from the state-space explosion problem. Scalable security models have been developed to cope with this issue. Hierarchical Attack Representation Models (HARMs) is one of the scalable security models, the core idea of HARM is to separate the system representation into two layers; an upper layer (reachability) and a lower layer (vulnerability). In this paper, we propose a novel security modeling and analysis framework named Safelite that (i) automatically converts an AG into a HARM and (ii) visualizes the HARMs with relevant security information, respectively. We present the design and implementation of Safelite using example networks.

Original languageEnglish
Title of host publicationProceedings - 15th IEEE International Conference on Computer and Information Technology, CIT 2015, 14th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2015, 13th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2015 and 13th IEEE International Conference on Pervasive Intelligence and Computing, PICom 2015
Place of PublicationUnited States
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages1689-1696
Number of pages8
Volume2015
ISBN (Electronic)9781509001545
DOIs
Publication statusPublished - 22 Dec 2015
Externally publishedYes
Event15th IEEE International Conference on Computer and Information Technology, CIT 2015, 14th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2015, 13th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2015 and 13th IEEE International Conference on Pervasive Intelligence and Computing, PICom 2015 - Liverpool, United Kingdom
Duration: 26 Oct 201528 Oct 2015

Conference

Conference15th IEEE International Conference on Computer and Information Technology, CIT 2015, 14th IEEE International Conference on Ubiquitous Computing and Communications, IUCC 2015, 13th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2015 and 13th IEEE International Conference on Pervasive Intelligence and Computing, PICom 2015
CountryUnited Kingdom
CityLiverpool
Period26/10/1528/10/15

Fingerprint Dive into the research topics of 'Towards automated generation and visualization of hierarchical attack representation models'. Together they form a unique fingerprint.

Cite this