Posted by Ramkumar Chinchani on January 11, 2005, 11:16 am
Hi Sudhakar,
Looks like you are talking about "attack graphs" or some variation
thereof. There has been some recent work by Somesh Jha and Oleg Sheyner
(pls. look up his dissertation), which you may find relevant.
You should also look at tools like Core Impact, Nessus, etc.
Hope this helps.
_r
Sudhakar Govindavajhala wrote:
> Hi all,
>
> I am a PhD student at Princeton studying computer security.
>
>
> I and a colleague are trying to work on automating security analysis.
> We want to make sure that we have thought of all the attack patterns.
> So we are trying to enumerate the various ways in which an adversary
> can compromise a network. Does the community have any idea as to what
> is a good place to find such information? We are interested in both
> the details of some specific attacks and more importantly the high
> level ideas as to how attackers proceed from one step to another in a
> multi-stage attack. Let us try to give examples so that my question is
> more clear.
>
>
> - An attacker can compromise root and then replace ssh with a Trojan
> Horse that captures the password each user types. Then he uses that
> password to log in to remote sites and uses a local root
> vulnerability in the remote site.
>
>
> - The attacker takes over the webserver running as user apache. He
> learns the kernel version etc. He then introduces a cron job that
> polls a website for new attack information. The website tells if there
> is a new exploit available for the kernel the server is running. If
> yes, the website provides the exploit too. Thus the cron job can wait
> till a new exploit is available. If the admin upgrades the webserver,
> the adversary can still launch the attack because of the cron job.
> The admin will have to clear the cron jobs after every upgrade etc.
>
>
> Can the community refer us to good places where we can find such
> information? We tried to read some books, but they did not have the
> information. We are not sure what website is a good place to get the
> reviews and high level information. It's easy to find published
> details of vulnerabilities in code, but most attacks use a combination
> of techniques to achieve their target. We want to make sure that at a
> high level we thought of all the issues.
>
>
> Any ideas are appreciated.
>
>
> thanks,
> Sudhakar
>
> http://www.cs.princeton.edu/~sudhakar
>
> PS: I was re-reading the replies to an old question I asked. Thanks
> for useful replies people gave.
>
> http://groups.google.com/groups?hl=en&lr=&threadm=yTxkc.217%24Af6.170%40newsfe1-win&rnum=2&prev=/groups%3Fq%3Dsudhakar%2Bmulti%2Bstage%2Battacks%26hl%3Den%26lr%3D%26selm%3DyTxkc.217%2524Af6.170%2540newsfe1-win%26rnum%3D2
>
> On the other hand, I wish fewer people in the world had a patronising
> attitude. I wonder what makes some people think they are better human
> beings than anyone else. Since I cannot control people's thoughts (for
> a good reason), I guess I should resign to the fact that there are
> people of all kinds in this world. I should just ignore the existence
> of certain lot and interact with the more fun and cheerful lot.