Network security modeling system and method

US 7,315,801 B1
Filed: 01/14/2000
Issued: 01/01/2008
Est. Priority Date: 01/14/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of analyzing a computer network using a security modeling system, wherein the security modeling system includes a simulator, wherein the simulator includes a vulnerabilities database of network vulnerability information, the method comprising:

providing a network configuration of a computer network;

simulating the computer network based on the network configuration, wherein simulating the network includes;

receiving mission objectives;

storing the mission objectives; and

simulating the network based on the network configuration and the mission objectives; and

determining vulnerabilities of the computer network using the network vulnerability information stored in the vulnerabilities database, wherein the vulnerabilities database includes an entry for each of a plurality of known network vulnerabilities, wherein each entry includes a service to which the known network vulnerability applies, defense conditions that might close the vulnerability, and resource and state conditions needed to exercise the vulnerability;

wherein determining vulnerabilities includes computing security results, wherein the security results include a security score.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network security modeling system which simulates a network and analyzes security vulnerabilities of the network. The system includes a simulator which includes a network vulnerabilities database and a network configuration module having network configuration data. The simulator determines vulnerabilities of the simulated network based on the network configuration data and the vulnerabilities database.

217 Citations

18 Claims

1. A method of analyzing a computer network using a security modeling system, wherein the security modeling system includes a simulator, wherein the simulator includes a vulnerabilities database of network vulnerability information, the method comprising:
- providing a network configuration of a computer network;
  
  simulating the computer network based on the network configuration, wherein simulating the network includes;
  
  receiving mission objectives;
  
  storing the mission objectives; and
  
  simulating the network based on the network configuration and the mission objectives; and
  
  determining vulnerabilities of the computer network using the network vulnerability information stored in the vulnerabilities database, wherein the vulnerabilities database includes an entry for each of a plurality of known network vulnerabilities, wherein each entry includes a service to which the known network vulnerability applies, defense conditions that might close the vulnerability, and resource and state conditions needed to exercise the vulnerability;
  
  wherein determining vulnerabilities includes computing security results, wherein the security results include a security score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein providing a network configuration includes receiving a configuration as the output of a network discovery tool.
  - 3. The method of claim 1, wherein providing a network configuration includes receiving a data file which includes a configuration of the computer network.
  - 4. The method of claim 1, wherein determining vulnerabilities further includes modifying the simulation using a graphical user interface.
  - 5. The method of claim 4, wherein modifying the simulation includes dynamically interacting with an attacker.
  - 6. The method of claim 4, wherein modifying the simulation includes dynamically interacting in real time with the security modeling system.
  - 7. The method of claim 5, wherein modifying the simulation includes dynamically interacting in real time with the security modeling system.
  - 8. The method of claim 1, wherein determining vulnerabilities of the simulated network further includes updating the vulnerabilities database when vulnerabilities are detected.

9. A method of opposing network attackers comprising:
- receiving a network configuration, wherein the network configuration comprises computer hardware and software component information;
  
  receiving mission objectives including critical resource information used to determine network components that are involved in a specific attack scenario;
  
  receiving commands from a network attacker;
  
  simulating the network based on the commands received from the network attacker, wherein simulating the network includes determining results as a function of the network configuration, mission objectives and stored vulnerability data for the described computer hardware and software components, wherein determining results includes computing security results which include a security score; and
  
  responding to the network attacker, wherein responding to the attacker includes imposing barriers, providing response messages and protecting the network.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein simulating the network further includes receiving commands from a defender and determining results based on the defender commands.
  - 11. The method of claim 9, wherein receiving a network configuration includes receiving critical resource information, wherein the critical resource information includes goals, expectation and constraints for simulating the network.
  - 12. The method of claim 9, wherein simulating the network further includes modifying the simulation using a graphical user interface.
  - 13. The method of claim 9, wherein receiving commands includes receiving attack actions which include commands that simulate service functionality, commands that change services or nodes, and commands that exploit vulnerabilities.

14. A security modeling system for simulating objective networks, comprising:
- a simulator having a plurality of databases, wherein the plurality of databases include mission objectives tables including information used to determine network components that are involved in a specific attack scenario, vulnerability tables, and network configuration tables, wherein the network configuration tables include network configuration data; and
  
  a graphical user interface which operates with the simulator to allow input and output to clients;
  
  wherein the network configuration tables include configuration tables, defense tables, filter tables, node tables, routing tables and password tables.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, wherein the mission objectives tables include mission tables, mission files tables and mission services tables.
  - 16. The system of claim 14, wherein the vulnerability tables include service tables.

17. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising:
- providing a network configuration of a computer network;
  
  simulating the network based on the network configuration, wherein simulating the network includes;
  
  receiving mission objectives;
  
  storing the mission objectives; and
  
  simulating the network based on the network configuration and mission objectives; and
  
  determining vulnerabilities of the simulated network using the vulnerability information stored in a vulnerabilities database, wherein determining vulnerabilities includes computing security results, wherein the security results include a security score;
  
  wherein the vulnerabilities database includes an entry for each of a plurality of known network vulnerabilities, wherein each entry includes the service to which it the known network vulnerability applies, defense conditions that might close the vulnerability, and resource and state conditions needed to exercise the vulnerability.
- View Dependent Claims (18)
- - 18. The machine-readable medium of claim 17, wherein mission objectives include critical resource information used to determine network components that are involved in a specific attack scenario.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Foote-Lennox, Tomo, Markham, Thomas R., Lu, Raymond, Dowd, Alan, Apostal, David
Primary Examiner(s)
Rodriguez; Paul
Assistant Examiner(s)
CRAIG, DWIN M

Application Number

US09/483,127
Time in Patent Office

2,909 Days
Field of Search

703/13, 273/292, 709/224, 713/201, 706 22- 26
US Class Current

703/13
CPC Class Codes

H04L 41/145   involving simulating, desig...

H04L 41/147   for predicting network beha...

H04L 63/1433   Vulnerability analysis

Network security modeling system and method

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

217 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Network security modeling system and method

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

217 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others