Network Vulnerability and Resiliency Analysis
George Mason University, Fairfax VA
Investigators
Abstract
The objective of the proposed research is to improve network security through an innovative approach to vulnerability and resiliency analysis. Even well administered networks are vulnerable to attacks due to the security ramifications of offering a variety of combined services. That is, services that are secure when offered in isolation nonetheless provide an attacker with combined vulnerabilities to exploit when offered simultaneously. Security tools such as COPS, System Scanner, and CyberCop, are excellent at identifying specific, known, individual host vulnerabilities in services, software packages, and configurations. What these methods do not address is the compound effect of multiple vulnerabilities. The result is a serious problem because interactions between vulnerabilities can easily cascade across a network. The risk posed by each vulnerability may be judged either necessary or acceptable in isolation, but the combination of these vulnerabilities can still turn out to compromise the network as a whole in an unacceptable way. A limited amount of existing work in vulnerability analysis addresses this problem, but the existing work falls short in three key areas, namely resiliency analysis, all-paths analysis, and inference engine analysis. The proposed work will improve network security by addressing systematically each of these three areas.
View original record on NSF Award Search →