http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=209601075
By R. Colin Johnson
EE Times
07/25/2008
PORTLAND, Ore. - "Attack graphs" help predict the risk that hackers can
crack a computer system's security, plus identify its most vulnerable
resources, according to the National Institute of Science and Technology
(NIST).
By analyzing and assigning probabilities to every path a hacker could
use to penetrate a computer system, NIST hopes attack graphs will help
IT managers identify weak points that need to be patched to safeguard
valuable data.
Attack graphs, developed by NIST jointly with George Mason University,
calculate the vulnerability of each path into a computer system using
NIST's National Vulnerability Database (NVD). By assigning a probable
risk to various computer network pathways, the researchers hope to
secure computer systems from multistep attacks.
Each step in an attack is graphed with an assigned probability,
depending on its security level. For instance, its firewall, router and
various servers are each assigned a probability of being hacked, based
on information in the NVD.
[...]
Received on Mon Jul 28 02:45:57 2008