Skip to Content
Find More Like This
Return to Search

Method and tool for network vulnerability analysis

United States Patent

March 14, 2006
View the Complete Patent at the US Patent & Trademark Office
Sandia National Laboratories - Visit the Intellectual Property Management and Licensing Website
A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."
Swiler; Laura Painton (Albuquerque, NM), Phillips; Cynthia A. (Albuquerque, NM)
Sandra Corporation (Albuquerque, NM)
09/ 805,640
March 13, 2001
This invention was made with Government support under Contract DE-AC04-94AL85000 awarded by the U.S. Department of Energy. The Government has certain rights in the invention.