A First Order Logic Security Verification Model for SIP

It is well known that no security mechanism can provide full protection against a potential attack. There is always a possibility that a security incident may happen, mainly as a result of a new or modified attack that the employed countermeasures cannot handle or identify. It is therefore useful to perform a deferred analysis of logged network data, in an attempt to identify abnormal behavior/traffic that flags some type of security incident that has not been detected by the security countermeasures. Such an analysis of logged data for critical real time applications, like VoIP services, is certainly a valuable tool for enhancing the security level of the provided service. In this paper we introduce a practical tool that can be employed for the analysis of logged VoIP data and thus validate the effectiveness of the security mechanisms and the conformance with the corresponding security policy rules. For the analysis of the data we capitalize on our security model for VoIP services that is based on first order logic concepts, while the Protege API and the semantic Web rule language (SWRL) are also exploited. The proposed tool has been evaluated in terms of an experimental environment, while the results obtained confirm the validity of its operation and demonstrate its effectiveness.