SAT-Solving Approaches to Context-Aware Enterprise Network Security Management

被引：21

作者：

Homer, John ^{[1
]}

Ou, Xinming ^{[1
]}

机构：

[1] Kansas State Univ, Manhattan, KS 66506 USA

来源：

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS | 2009年 / 27卷 / 03期

基金：

美国国家科学基金会;

关键词：

Boolean Satisfiability Problem (SAT); Computer Network Management; Computer Network Security; Risk Analysis; Security;

D O I：

10.1109/JSAC.2009.090407

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

Enterprise network security management is a complex task of balancing security and usability, with trade-offs often necessary between the two. Past work has provided ways to identify intricate attack paths due to misconfiguration and vulnerabilities in an enterprise system, but little has been done to address how to correct the security problems within the context of various other requirements such as usability, ease of access, and cost of countermeasures. This paper presents an approach based on Boolean Satisfiability Solving (SAT Solving) that can reason about attacks, usability requirements, cost of actions, etc. in a unified, logical framework. Preliminary results show that the approach is both effective and efficient.

引用

页码：315 / 322

页数：8

共 23 条

[1]

[Anonymous], 2006, 13 ACM C COMP COMM S

[2]

[Anonymous], J NETWORK SYSTEMS MA

[3]

Ceri S., 1989, IEEE Transactions on Knowledge and Data Engineering, V1, P146, DOI 10.1109/69.43410

[4] On solving covering problems [J].

Coudert, O .

33RD DESIGN AUTOMATION CONFERENCE, PROCEEDINGS 1996, 1996, :197-202

[5]

Dewri R., 2007, 14 ACM C COMP COMM S

[6]

FU Z, 2006, P INT C COMP AID DES

[7]

Fu ZH, 2006, LECT NOTES COMPUT SC, V4121, P252

[8]

Ingols Kyle, 2006, 22 ANN COMP SEC APPL

[9]

Jajodia S., 2003, MANAGING CYBER THREA, pCH5

[10] Two formal analyses of attack graphs [J].

Jha, S ;

Sheyner, O ;

Wing, J .

15TH IEEE COMPUTER SECURITY FOUNDATION WORKSHOP, PROCEEDINGS, 2002, :49-63

← 1 2 3 →