Validating and Restoring Defense in Depth Using Attack Graphs

Author

Lippmann, Richard ; Ingols, Kyle ; Scott, Chris ; Piwowarski, Keith ; Kratkiewicz, Kendra ; Artz, Mike ; Cunningham, Robert

Author_Institution

MIT Lincoln Lab., Lexington, MA

fYear

2006

fDate

23-25 Oct. 2006

Firstpage

1

Lastpage

10

Abstract

Defense in depth is a common strategy that uses layers of firewalls to protect supervisory control and data acquisition (SCADA) subnets and other critical resources on enterprise networks. A tool named NetSPA is presented that analyzes firewall rules and vulnerabilities to construct attack graphs. These show how inside and outside attackers can progress by successively compromising exposed vulnerable hosts with the goal of reaching critical internal targets. NetSPA generates attack graphs and automatically analyzes them to produce a small set of prioritized recommendations to restore defense in depth. Field trials on networks with up to 3,400 hosts demonstrate that firewalls often do not provide defense in depth due to misconfigurations and critical unpatched vulnerabilities on hosts. In all cases, a small number of recommendations was provided to restore defense in depth. Simulations on networks with up to 50,000 hosts demonstrate that this approach scales well to enterprise-size networks

Keywords

SCADA systems; authorisation; business communication; computer network reliability; graph theory; telecommunication security; NetSPA; SCADA; attack graph; defense in depth restoration; enterprise network; firewalls; supervisory control-data acquisition subnet; vulnerability; Contracts; IP networks; Internet; Laboratories; Local area networks; Planning; Process control; Protection; SCADA systems; US Government;

fLanguage

English

Publisher

ieee

Conference_Titel

Military Communications Conference, 2006. MILCOM 2006. IEEE

Conference_Location

Washington, DC

Print_ISBN

1-4244-0617-X

Electronic_ISBN

1-4244-0618-8

Type

conf

DOI

10.1109/MILCOM.2006.302434

Filename

4086659