Measuring the attack surfaces of two FTP daemons

Manadhata, Pratyusa K.; Wing, Jeannette M.; Flynn, Mark A.; McQueen, Miles

doi:10.1145/1179494.1179497

Cited by 63 publications

(42 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main idea behind classifying system resources is based on the notion that some of them are more likely to be attacked than others. After identifying and classifying all attackable system resources, they presented, measured and compared the attack surface of two Linux distributions, two IMAP servers [20,21,23] and two FTP Daemons [18,20,23].…”

Section: Related Workmentioning

confidence: 99%

Measurable Security, Privacy and Dependability in Smart Grids

Noll

Garitano

Fayyad

et al. 2015

JCSM

View full text Add to dashboard Cite

This paper presents a methodology for assessing security, privacy and dependability (SPD) of embedded systems. The methodology, developed through the European collaboration SHIELD, is applied for the smart grid network as deployed in the South of Norway. Three Smart Grid use cases are analysed in detail, being billing, home control and alarm.The SHIELD methodology uses a Multi-Metrics approach to evaluate the system SPD level during running processes and compares it with use case goals for S, P, and D. The simplicity, applicability, and scalability of the suggested Multi-Metrics approach is demonstrated in this paper. It shows that a single configuration is not sufficient to satisfy the given goals for all use cases.

show abstract

Section: Related Workmentioning

confidence: 99%

Measurable Security, Privacy and Dependability in Smart Grids

Noll

Garitano

Fayyad

et al. 2015

JCSM

View full text Add to dashboard Cite

show abstract

“…Another approach measures the relative risk of different configurations using the weakest attacker model, that is the least conditions under which an attack is possible [20]. Yet another series of work measures how likely a software is vulnerable to attacks using a metrics called attack surface [10,12,17,18,19]. These work allow a partial order to be established on different network configurations based on their relative security.…”

Section: Related Workmentioning

confidence: 99%

An Attack Graph-Based Probabilistic Security Metric

Wang

Islam

Long

et al. 2008

Lecture Notes in Computer Science

266

205

View full text Add to dashboard Cite

Abstract.To protect critical resources in today's networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between vulnerabilities, namely, attack graph. This paper proposes an attack graph-based probabilistic metric for network security and studies its efficient computation. We first define the basic metric and provide an intuitive and meaningful interpretation to the metric. We then study the definition in more complex attack graphs with cycles and extend the definition accordingly. We show that computing the metric directly from its definition is not efficient in many cases and propose heuristics to improve the efficiency of such computation.

show abstract

“…Another series of work compares software for their relative vulnerabilities to attacks using a fixed set of dimensions, namely, attack surface [11,20,13]. The work by Mehta et.…”

Section: Related Workmentioning

confidence: 99%

Measuring the Overall Security of Network Configurations Using Attack Graphs

Wang

Singhal²,

Jajodia

2007

Data and Applications Security XXI

113

View full text Add to dashboard Cite

Abstract. Today's computer systems face sophisticated intrusions during which multiple vulnerabilities can be combined for reaching an attack goal. The overall security of a network system cannot simply be determined based on the number of vulnerabilities. To quantitatively assess the security of networked systems, one must first understand which and how vulnerabilities can be combined for an attack. Such an understanding becomes possible with recent advances in modeling the composition of vulnerabilities as attack graphs. Based on our experiences with attack graph analysis, we explore different concepts and issues on a metric to quantify potential attacks. To accomplish this, we present an attack resistance metric for assessing and comparing the security of different network configurations. This paper describes the metric at an abstract level as two composition operators with features for expressing additional constraints. We consider two concrete cases. The first case assumes the domain of attack resistance to be real number and the second case represents resistances as a set of initial security conditions. We show that the proposed metric satisfies desired properties and that it adheres to common sense. At the same time, it generalizes a previously proposed metric that is also based on attack graphs. It is our belief that the proposed metric will lead to novel quantitative approaches to vulnerability analysis, network hardening, and attack responses.

show abstract

Measuring the attack surfaces of two FTP daemons

Cited by 63 publications

References 5 publications

Measurable Security, Privacy and Dependability in Smart Grids

Measurable Security, Privacy and Dependability in Smart Grids

An Attack Graph-Based Probabilistic Security Metric

Measuring the Overall Security of Network Configurations Using Attack Graphs

Contact Info

Product

Resources

About