Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination. / Wolthusen, Stephen D.; Al-Salloum, Ziyad.

Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009. IEEE Computer Society Press, 2009. p. 41-53.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Published

Standard

Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination. / Wolthusen, Stephen D.; Al-Salloum, Ziyad.

Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009. IEEE Computer Society Press, 2009. p. 41-53.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Harvard

Wolthusen, SD & Al-Salloum, Z 2009, Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination. in Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009. IEEE Computer Society Press, pp. 41-53. https://doi.org/10.1109/IMF.2009.14

APA

Wolthusen, S. D., & Al-Salloum, Z. (2009). Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination. In Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009 (pp. 41-53). IEEE Computer Society Press. https://doi.org/10.1109/IMF.2009.14

Vancouver

Wolthusen SD, Al-Salloum Z. Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination. In Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009. IEEE Computer Society Press. 2009. p. 41-53 https://doi.org/10.1109/IMF.2009.14

Author

Wolthusen, Stephen D. ; Al-Salloum, Ziyad. / Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination. Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009. IEEE Computer Society Press, 2009. pp. 41-53

BibTeX

@inproceedings{448532f57bdb45d5a5ee3afa05adb929,
title = "Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination",
abstract = "Risk and vulnerability management is a critical task in maintaining any nontrivial network, but made increasingly difficult by the dynamic nature of internetworking, transient connectivity, and the use of virtual machines that are connected intermittently, while both real and virtual hosts may harbor vulnerabilities that must be addressed to protect both the vulnerable host and its environment whether these are known to an organization's asset database or not. This is particularly critical if a security incident is in progress and the exposure to a vulnerability must be assessed and potentially mitigated as quickly and completely as possible. In this paper we therefore propose a probabilistic discovery and mitigation algorithm traversing a network with only knowledge of the immediate network neighborhood as can be obtained from passive observation of the LLDP protocol to minimize bandwidth consumption in conjunction with persistent agents deployed by the traversal to capture transient or intermittently active nodes and provide an analysis of the algorithm's efficiency under different topologies and taking into account link failure as well as inconclusive or failed discovery and mitigation operation probabilities.",
author = "Wolthusen, {Stephen D.} and Ziyad Al-Salloum",
year = "2009",
month = sep,
day = "15",
doi = "10.1109/IMF.2009.14",
language = "English",
isbn = "978-0-7695-3807-5",
pages = "41--53",
booktitle = "Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009",
publisher = "IEEE Computer Society Press",

}

RIS

TY - GEN

T1 - Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination

AU - Wolthusen, Stephen D.

AU - Al-Salloum, Ziyad

PY - 2009/9/15

Y1 - 2009/9/15

N2 - Risk and vulnerability management is a critical task in maintaining any nontrivial network, but made increasingly difficult by the dynamic nature of internetworking, transient connectivity, and the use of virtual machines that are connected intermittently, while both real and virtual hosts may harbor vulnerabilities that must be addressed to protect both the vulnerable host and its environment whether these are known to an organization's asset database or not. This is particularly critical if a security incident is in progress and the exposure to a vulnerability must be assessed and potentially mitigated as quickly and completely as possible. In this paper we therefore propose a probabilistic discovery and mitigation algorithm traversing a network with only knowledge of the immediate network neighborhood as can be obtained from passive observation of the LLDP protocol to minimize bandwidth consumption in conjunction with persistent agents deployed by the traversal to capture transient or intermittently active nodes and provide an analysis of the algorithm's efficiency under different topologies and taking into account link failure as well as inconclusive or failed discovery and mitigation operation probabilities.

AB - Risk and vulnerability management is a critical task in maintaining any nontrivial network, but made increasingly difficult by the dynamic nature of internetworking, transient connectivity, and the use of virtual machines that are connected intermittently, while both real and virtual hosts may harbor vulnerabilities that must be addressed to protect both the vulnerable host and its environment whether these are known to an organization's asset database or not. This is particularly critical if a security incident is in progress and the exposure to a vulnerability must be assessed and potentially mitigated as quickly and completely as possible. In this paper we therefore propose a probabilistic discovery and mitigation algorithm traversing a network with only knowledge of the immediate network neighborhood as can be obtained from passive observation of the LLDP protocol to minimize bandwidth consumption in conjunction with persistent agents deployed by the traversal to capture transient or intermittently active nodes and provide an analysis of the algorithm's efficiency under different topologies and taking into account link failure as well as inconclusive or failed discovery and mitigation operation probabilities.

U2 - 10.1109/IMF.2009.14

DO - 10.1109/IMF.2009.14

M3 - Conference contribution

SN - 978-0-7695-3807-5

SP - 41

EP - 53

BT - Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics 2009

PB - IEEE Computer Society Press

ER -