This paper proposes a novel approach to help computing system administrators in monitoring the security of their systems. The approach is based on modeling the system as a privilege graph exhibiting operational security vulnerabilities and on transforming this privilege graph into a Markov chain corresponding to all possible successful attack scenarios. A set of tools has been developed to support this approach and to provide automatic security evaluation of Unix systems in operation.
By: M. Dacier, Y. Deswarte (CNRS, France) and M. Kaaniche (CNRS, France)
Published in: Information Systems Security, ed. by S.K. Katsikas and D. Gritzalis. , London, Chapman & Hall, p.179-86 in 1996
Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.
Questions about this service can be mailed to reports@us.ibm.com .