3 Security Open Specs APIs
- Security-Monitoring: Mulval Attack Path Engine Open API Specification
- Security-Monitoring: Mulval Attack Path Engine Web Application Open API Specification
- Security-Monitoring: Scored Attack Paths Open API Specification
- Security-Monitoring: Remediation Open API Specification
- Security-Monitoring: Service Level SIEM Open API Specification
- Security-Monitoring: IoT Fuzzer Open API Specification
- Security-Monitoring: Android Vulnerability Assessment Open API Specification
- Identity Management Open API Specification
- Privacy Open RESTful API Specification
- Data Handling Open RESTful API Specification
- Access Control Authorization Open RESTful API Specification
- Context-based Security & Compliance Open RESTful API Specification
- DBAnonymizer Open RESTful API Specification
- Secure Storage Service Open API Specification
- Content Based Security Open RESTful API Specification
- Malware Detection Service Open API Specification
- Android Flow Monitoring Open Specification
The WPL must add the new ones in R3 to the list. Tell him to do so if your GE is not listed.
4 Security-Monitoring: Mulval Attack Path Engine Open API Specification
4.1 Introduction to the Mulval Attack Path Engine API
4.1.1 Mulval Attack Path Engine API Core
This document describes the available interface and presents the adapters used by the MulVAL Attack Path Engine to import data files. An adapter transforms a data file into internal data in order to provide reporting and decision support in the context of the security monitoring G.E.

Figure 1: Principle of the MulVAL API

The MulVAL Attack Path Engine API can be seen as a module. This module takes an input, processes it and computes the results according to the available options. It can be summarized as:
- Input: file required by the engine
- Engine: offers a certain flexibility (options) in attack path computation
- Output: data file which can be consumed by the reporting, visualization and decision support components
4.1.2 Intended Audience
This document is addressed to software architects and developers, and to the operators of the MulVAL Attack Path Engine.
4.1.3 API Change History
This version of the Mulval Attack Path API Guide replaces and obsoletes all previous versions. The most recent changes are described in the table below:
Revision Date | Changes Summary
August, 2012 |
January, 2012 | V1.1 release; Nessus scanner supported; attack path generated from the file exported by the Nessus scanner.

4.1.4 How to Read This Document
Throughout the document, special notations are used to distinguish certain words or concepts. The following list summarizes these notations:
- A bold, mono-spaced font is used to represent a module.
- An italic font is used to represent an example.
4.1.5 Additional Resources
The attack path engine is an innovative way to assess security risk. The current API is provided in a summary version. Academic publications regarding attack paths are available through the following links:
All references can be found here:
MulVAL: A logic-based network security analyzer. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. In 14th USENIX Security Symposium, Baltimore, Maryland, U.S.A., August 2005.
A logic-programming approach to network security analysis. Xinming Ou. PhD dissertation, Princeton University, 2005.
A scalable approach to attack graph generation. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. In 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, U.S.A., October 2006.
Googling attack graphs. Reginald Sawilla and Xinming Ou. Technical report, Defence R & D Canada -- Ottawa. TM 2007-205, September 2007.
From attack graphs to automated configuration management - an iterative approach. John Homer, Xinming Ou, and Miles A. McQueen. Technical report, Kansas State University, Computing and Information Sciences Department. January 2008.
Improving attack graph visualization through data reduction and attack grouping. John Homer, Ashok Varikuti, Xinming Ou, and Miles A. McQueen. In 5th International Workshop on Visualization for Cyber Security (VizSEC 2008), Cambridge, MA, U.S.A., September 2008.
Identifying critical attack assets in dependency attack graphs. Reginald Sawilla and Xinming Ou. In 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 2008. The extended version.
SAT-solving approaches to context-aware enterprise network security management. John Homer and Xinming Ou. In IEEE JSAC Special Issue on Network Infrastructure Configuration, Vol. 27, No. 3, April 2009. Preprint.
Techniques for enterprise network security metrics. Anoop Singhal and Xinming Ou. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies (CSIIRW), Extended Abstract, April 2009.
A host-based security assessment architecture for industrial control systems. Abhishek Rakshit and Xinming Ou. 2nd International Symposium on Resilient Control Systems (ISRCS), Idaho Falls, ID, USA, August 2009.
A sound and practical approach to quantifying security risk in enterprise networks. John Homer, Xinming Ou, and David Schmidt. Technical report, Kansas State University, Computing and Information Sciences Department. August 2009.
Uncertainty and risk management in cyber situational awareness. Jason Li, Xinming Ou, and Raj Rajagopalan. In Sushil Jajodia et al., editor, Cyber Situational Awareness: Issues and Research, chapter 4. Springer, Nov. 2009.
An empirical approach to modeling uncertainty in intrusion analysis. Xinming Ou, S. Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, USA, Dec 2009.