dc.contributor.advisor | Richard P. Lippmann. | en_US |
dc.contributor.author | Artz, Michael Lyle, 1979- | en_US |
dc.contributor.other | Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. | en_US |
dc.date.accessioned | 2006-03-24T18:01:15Z | |
dc.date.available | 2006-03-24T18:01:15Z | |
dc.date.copyright | 2002 | en_US |
dc.date.issued | 2002 | en_US |
dc.identifier.uri | http://hdl.handle.net/1721.1/29899 | |
dc.description | Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002. | en_US |
dc.description | Includes bibliographical references (leaves 93-96). | en_US |
dc.description.abstract | Attack scenario graphs provide a concise way of displaying all possible sequences of attacks a malicious user can execute to obtain a desired goal, such as remotely achieving root undetected on a critical host machine. NETSPA, the Network Security Planning Architecture, is a C++ system that quickly generates worst-case attack graphs using a forward-chaining depth-first search of the possible attack space using actions modeled with REM, a simple attack description language. NETSPA accepts network configuration information from a database that includes host and network software types and versions, intrusion detection system placement and types, network connectivity, and firewall rulesets. It is controlled by command line inputs that determine a critical goal state, trust relationships between hosts, and maximum recursive depth. NETSPA was shown to efficiently provide easily understood attack graphs that revealed non-obvious security problems against a realistic sample network of 17 representative hosts using 23 REM defined actions. The largest useful graph was generated within 1.5 minutes of execution. NETSPA-executes faster and handles larger networks than any existing graph generation system. This allows NETSPA to be practically used in combination with other security components to develop and analyze secure networks. | en_US |
dc.description.statementofresponsibility | by Michael Lyle Artz. | en_US |
dc.format.extent | 96 leaves | en_US |
dc.format.extent | 6148150 bytes | |
dc.format.extent | 6159472 bytes | |
dc.format.mimetype | application/pdf | |
dc.format.mimetype | application/pdf | |
dc.language.iso | eng | en_US |
dc.publisher | Massachusetts Institute of Technology | en_US |
dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US |
dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | |
dc.subject | Electrical Engineering and Computer Science. | en_US |
dc.title | NetSPA : a Network Security Planning Architecture | en_US |
dc.title.alternative | Network Security Planning Architecture | en_US |
dc.type | Thesis | en_US |
dc.description.degree | M.Eng. | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
dc.identifier.oclc | 51072296 | en_US |