Learn More
The typical means by which an attacker breaks into a network is through a chain of exploits, where each exploit in the chain lays the groundwork for subsequent exploits. Such a chain is called an attack path, and the set of all possible attack paths form an attack graph. Researchers have proposed a variety of methods to generate attack graphs. In this(More)
The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences(More)
The primary original design goal for email was to provide best-effort message delivery. Unfortunately, as the ever increasing uproar over SPAM demonstrates, the existing email infrastructure is no longer well suited to the worldwide set of email users - particularly email receivers. Rather than propose yet another band-aid solution to SPAM, this paper(More)
contents About IATAC and the IAnewsletter The IAnewsletter is published quarterly by the Information Assurance Technology Analysis Center (IATAC). IATAC is a Department of Defense (DoD) sponsored Information Analysis Center, administratively managed by the Defense Technical Information Center (DTIC), and Director, Defense Research and Engineering (DDR&E).(More)
Ask the Expert Despite new risks introduced by virtualization, such as hackers attacking VMware (virtual machine) servers, virtualization remains a tremendous success for information assurance (IA). GIG Performance Assessment Framework The PAF goal is to present E2E performance in metrics that end users can readily understand and evaluate, such as service(More)
About IATAC and the IAnewsletter The IAnewsletter is published quarterly by the Information Assurance Technology Analysis Center (IATAC). IATAC is a Department of Defense (DoD) sponsored Information Analysis Center, administratively managed by the Defense Technical Information Center (DTIC), and Director, Defense Research and Engineering (DDR&E). Contents(More)
In this paper, we present an efficient, novel framework for establishing, assessing, and managing trust in inter-organizational relationships, in terms of allowable network sharing, that is based on analyzing an invariance property of a computer network environment. Our goal is to answer the following two questions: (1) From any given host in one network,(More)
  • 1