Computer and network security use a variety of techniques. Regardless of the precautions taken, when a system or system component compromise occurs, access can spread to other systems or components. Applications, systems, information, employees' time, physical objects, and other resources (referred to herein as assets) can be compromised if an attacker gains sufficient access.
An initial attack phase might result in an attacker gaining access that makes one or more further attacks in a second attack phase possible. The further attacks might in turn lead to even greater access, facilitating a third attack phase, and so on. However, it is often difficult to determine how an attack on a system occurs or may occur. The attack path or “chain reaction” of exploits that can lead to severe compromise are difficult to determine.
Thus, it would be useful for system and/or security administrators to be able to analyze how an actual or hypothetical attacker having known or hypothetical initial access can potentially compromise assets through such successive attack waves. It would also be useful to determine how an attack occurs in order for system and/or security administrators to interrupt an attack path or chain reaction before critical assets are compromised.