Learn More
The typical means by which an attacker breaks into a network is through a chain of exploits, where each exploit in the chain lays the groundwork for subsequent exploits. Such a chain is called an attack path, and the set of all possible attack paths form an attack graph. Researchers have proposed a variety of methods to generate attack graphs. In this(More)
The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences(More)
The primary original design goal for email was to provide best-effort message delivery. Unfortunately, as the ever increasing uproar over SPAM demonstrates, the existing email infrastructure is no longer well suited to the worldwide set of email users - particularly email receivers. Rather than propose yet another band-aid solution to SPAM, this paper(More)
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the(More)
contents 10 Army Cyber Command: Redefining IA Compliance as Part of Operationalizing Cyber Cyberspace has and will continue to change the way we all conduct our Profession of Arms. Ask the Expert In IA, we have to keep new and old technologies in our sights. Training IA Experts of Tomorrow The Cyber Ops program mission is to excite America's youth about(More)
Ask the Expert Despite new risks introduced by virtualization, such as hackers attacking VMware (virtual machine) servers, virtualization remains a tremendous success for information assurance (IA). GIG Performance Assessment Framework The PAF goal is to present E2E performance in metrics that end users can readily understand and evaluate, such as service(More)
contents About IATAC and the IAnewsletter The IAnewsletter is published quarterly by the Information Assurance Technology Analysis Center (IATAC). IATAC is a Department of Defense (DoD) sponsored Information Analysis Center, administratively managed by the Defense Technical Information Center (DTIC), and Director, Defense Research and Engineering (DDR&E).(More)
In this paper, we present an efficient, novel framework for establishing, assessing, and managing trust in inter-organizational relationships, in terms of allowable network sharing, that is based on analyzing an invariance property of a computer network environment. Our goal is to answer the following two questions: (1) From any given host in one network,(More)
  • 1