NetSPA : a Network Security Planning Architecture
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002.
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | eng |
| Published: |
Massachusetts Institute of Technology
2006
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/29899 |
| _version_ | 1826193046325166080 |
|---|---|
| author | Artz, Michael Lyle, 1979- |
| author2 | Richard P. Lippmann. |
| author_facet | Richard P. Lippmann. Artz, Michael Lyle, 1979- |
| author_sort | Artz, Michael Lyle, 1979- |
| collection | MIT |
| description | Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002. |
| first_indexed | 2024-09-23T09:32:57Z |
| format | Thesis |
| id | mit-1721.1/29899 |
| institution | Massachusetts Institute of Technology |
| language | eng |
| last_indexed | 2024-09-23T09:32:57Z |
| publishDate | 2006 |
| publisher | Massachusetts Institute of Technology |
| record_format | dspace |
| spelling | mit-1721.1/298992019-04-11T14:08:29Z NetSPA : a Network Security Planning Architecture Network Security Planning Architecture Artz, Michael Lyle, 1979- Richard P. Lippmann. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002. Includes bibliographical references (leaves 93-96). Attack scenario graphs provide a concise way of displaying all possible sequences of attacks a malicious user can execute to obtain a desired goal, such as remotely achieving root undetected on a critical host machine. NETSPA, the Network Security Planning Architecture, is a C++ system that quickly generates worst-case attack graphs using a forward-chaining depth-first search of the possible attack space using actions modeled with REM, a simple attack description language. NETSPA accepts network configuration information from a database that includes host and network software types and versions, intrusion detection system placement and types, network connectivity, and firewall rulesets. It is controlled by command line inputs that determine a critical goal state, trust relationships between hosts, and maximum recursive depth. NETSPA was shown to efficiently provide easily understood attack graphs that revealed non-obvious security problems against a realistic sample network of 17 representative hosts using 23 REM defined actions. The largest useful graph was generated within 1.5 minutes of execution. NETSPA-executes faster and handles larger networks than any existing graph generation system. This allows NETSPA to be practically used in combination with other security components to develop and analyze secure networks. by Michael Lyle Artz. M.Eng. 2006-03-24T18:01:15Z 2006-03-24T18:01:15Z 2002 2002 Thesis http://hdl.handle.net/1721.1/29899 51072296 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 96 leaves 6148150 bytes 6159472 bytes application/pdf application/pdf application/pdf Massachusetts Institute of Technology |
| spellingShingle | Electrical Engineering and Computer Science. Artz, Michael Lyle, 1979- NetSPA : a Network Security Planning Architecture |
| title | NetSPA : a Network Security Planning Architecture |
| title_full | NetSPA : a Network Security Planning Architecture |
| title_fullStr | NetSPA : a Network Security Planning Architecture |
| title_full_unstemmed | NetSPA : a Network Security Planning Architecture |
| title_short | NetSPA : a Network Security Planning Architecture |
| title_sort | netspa a network security planning architecture |
| topic | Electrical Engineering and Computer Science. |
| url | http://hdl.handle.net/1721.1/29899 |
| work_keys_str_mv | AT artzmichaellyle1979 netspaanetworksecurityplanningarchitecture AT artzmichaellyle1979 networksecurityplanningarchitecture |