Skip to Main Content
Going beyond vulnerability scanning tools that make lists of known vulnerabilities locating on given individual hosts, attack graphs identify all possible attack paths that end in a state where an attacker has successfully achieved his goal. But the algorithmic complexity grows exponential in the size of the network. The access graph is proposed as a complement to the attack graph approach which is host-centric and grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. In this paper, we propose a novel component-centric access graph. Based on the modeling substrates for network, hosts, vulnerabilities and the component-centric access graph, the access graph generation algorithm and a number of ways the security administrator can use the resulting access graph to help secure the network are discussed. Compared with related works, our approach improves the performance and further reduces the computational cost.