Access Graph Based Risk Assessment Model for Network Information System

Author

Xiaochun Xiao ; Huan Wang ; Gendu Zhang

Author_Institution

Sch. of Compute Sci., Fudan Univ. Shanghai, Shanghai, China

fYear

2008

fDate

27-28 Dec. 2008

Firstpage

42

Lastpage

48

Abstract

The risk assessment for network information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk assessment. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk assessment by policy rules violations based on the access graph. As a complement to the attack graph approach, the access graph grows polynomially with the number of hosts and so has the benefit of scaling better to more practical, realistic size networks. This paper presents a novel risk assessment model for network information system based access graph. Compared with related works, our approach improves the performance and reduces the computational cost.

Keywords

authorisation; computer network management; telecommunication security; access graph; attack graph; graph-based models; model-based assessment; network information system; network vulnerability modeling; policy rules violations; risk assessment model; rule-based questionnaire investigation; Computer networks; Computer science; Computer security; Information security; Information systems; Polynomials; Power system modeling; Power system security; Risk analysis; Risk management; access graph; network security; risk assessment;

fLanguage

English

Publisher

ieee

Conference_Titel

Frontier of Computer Science and Technology, 2008. FCST '08. Japan-China Joint Workshop on

Conference_Location

Nagasahi

Print_ISBN

978-1-4244-3418-3

Type

conf

DOI

10.1109/FCST.2008.26

Filename

4736508