NetSPA : a Network Security Planning Architecture
Author(s)Artz, Michael Lyle, 1979-
Network Security Planning Architecture
Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Richard P. Lippmann.
MetadataShow full item record
Attack scenario graphs provide a concise way of displaying all possible sequences of attacks a malicious user can execute to obtain a desired goal, such as remotely achieving root undetected on a critical host machine. NETSPA, the Network Security Planning Architecture, is a C++ system that quickly generates worst-case attack graphs using a forward-chaining depth-first search of the possible attack space using actions modeled with REM, a simple attack description language. NETSPA accepts network configuration information from a database that includes host and network software types and versions, intrusion detection system placement and types, network connectivity, and firewall rulesets. It is controlled by command line inputs that determine a critical goal state, trust relationships between hosts, and maximum recursive depth. NETSPA was shown to efficiently provide easily understood attack graphs that revealed non-obvious security problems against a realistic sample network of 17 representative hosts using 23 REM defined actions. The largest useful graph was generated within 1.5 minutes of execution. NETSPA-executes faster and handles larger networks than any existing graph generation system. This allows NETSPA to be practically used in combination with other security components to develop and analyze secure networks.
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002.Includes bibliographical references (leaves 93-96).
DepartmentMassachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Massachusetts Institute of Technology
Electrical Engineering and Computer Science.