From Attack Graphs to Automated Configuration Management — An Iterative Approach

Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1) automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and 2) enable a user to use the information in an attack graph to reach appropriate configuration decisions, through a configuration generator that can be iteratively trained by the user to understand a wide range of constraints in configuring an enterprise system, such as usability requirements and trade-offs that need to be made between the cost of security hardening measures and the cost of potential damage. We believe both methods are important steps toward achieving automatic configuration management for large enterprise networks. We implemented our methods using one of the existing attack-graph toolkits. Initial experimentation shows that the proposed approaches can 1) significantly reduce the complexity of attack graphs by trimming a large portion of the graph that is not needed for a user to understand the security problem, and 2) automatically provide reasonable suggestions for resolving the security problem.