JIGSAW – Origins

• Language as a means of:

  • Organizing thinking about attacks
  • Express attack/security concepts in a convenient way to reason about

• Language based on abstract attack concepts, program/protocol specifications, system configuration

• Emphasis not on detecting new, low level vulnerabilities, but in how these plus system information could be combined into sophisticated multi-stage attacks.

• Of particular interest is detecting new attacks.

• Relies on sensor input detecting specific system events or known attacks, i.e. CIDF GIDOs.

Previous slide

Next slide

Back to first slide

View graphic version