System and method for risk detection and analysis in a computer network
Patent 6952779 Issued on October 4, 2005. Estimated Expiration Date: October 1, 2022. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.
The present invention provides systems and methods for risk detection and analysis in a computer network. Computerized, automated systems and methods can be provided. Raw vulnerability information and network information can be utilized in determining actual vulnerability information associated with network nodes. Methods are provided in which computer networks are modeled, and the models utilized in performing attack simulations and determining risks associated with vulnerabilities. Risks can be evaluated and prioritized, and fix information can be provided.
Other References
Swiler, Laura Painton, et al.; “A Graph-Based Network-Vulnerability Analysis System”, Sandia Report, Jan. 1998, pp. 1-21.
Phillips, Cynthia, et al.; “A Preliminary Classification Scheme for Information System Threats, Attacks, and Defenses; A Cause and Effect Model; and Some Analysis Based on that Model”, Sandia National Laboratories, Sep., 1998, pp. 1-78.
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/venari/www/usenix96-kindred-wing.html, Kindred, Darrell, et al.; “Fast, Automatic Checking of Security Protocols”, pp. 1-19.
Wing, Jeannette M., et al.; “Survivability Analysis of Networked Systems”, Computer Science Dept., Carnegie Mellon Univ., Pittsburgh, PA; Information and Communications Univ., Taejon, Korea, May, 14, 2001, pp. 1-31.
Wyss, Gregory D., et al.; “Information Systems Vulnerability: A Systems Analysis Perspective”, Sandia National Laboratories, pp. 1-14.
http://www.math.uiuc.edu/Hilda/htmlcalenders/Apr24—00/jha—apr24-00.html, Jha, Somesh; “Survivability Analysis of Software Specifications”, Department of Mathmatics, University of Illinois at Urbana-Champaign, Abstract.
Oleg Sheyner, et al.; “Toward Compositional Analysis of Security Protocols Using Theorem Proving”, School of Computer Science, CarnegieMellon Univ., Jan. 2000, pp. 1-28.
Jha, Somesh, et al.; “Minimization and Reliability Analyses of Attack Graphs”, School of Computer Science, Carnegie Mellon University, pp. 1-30.
Deswarte, Yves, et al.; “Experimental Validation of a Security Metrics”, LAAS-CNRS, pp. 1-6.
Mummidi, Sailaja, et al.; “Information Management System Vulnerability Analysis Study”, New Mexico Tech., Nov. 8, 2001, pp. 1-16.
http://www/naseo.org/committees/energy data/energy assurance/, pp. 1-2.
Hutchinson, Bob, et al.; “Lessons Learned Through Sandia's Cyber Assessment Program”, Sandi National Laboratories, pp. 1-17.
http://www.comp.nus.edu.sg/apsec2000/index—right.html, Wing, Jeannete M.; “Survivability Analysis of Networked Systems”, Carnegie Mellon University, Abstract; van Lamsweerde, Axel; “Building Formal Models for Software Requirements”, Universite Catholique de Louvain, Abstract.
October 1, 2022. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.
