Topological Vulnerabilty Analysis


Sushil Jajodia
Steven Noel
Pramod Kalapa

CSIS pioneered the field of Topological Vulnerability Analysis (TVA) attack graph technology, with several publications.  Over the last 7 years, CSIS has conducted R&D in TVA technology under various government agencies, with average funding of over $1 million per year.  This TVA technology development has culminated in the tool CAULDRON (Combinatorial Analysis Utilizing Logical Dependencies Residing On Networks).  CAULDRON has been independently evaluated in a variety of settings, including red team/blue team exercises, support for penetration testing, and as a tool for security risk assessment and network administration.  CAULDRON delivers the efficient construction, analysis, and graphical depiction of attack paths through enterprise networks.

CSIS has filed for 5 U.S. patents in TVA/CAULDRON technology.  CAULDRON has been licensed to a security firm for commercialization.  CAULDRON is currently being used at several government organizations.