Title :
Representing TCP/IP connectivity for topological analysis of network security
Author :
Ritchey, Ronald ; Berry, Brian O. ; Noel, Steven
Author_Institution :
Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
Abstract :
The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences of interdependent vulnerabilities, distributed among the various network hosts. Model checking has been applied to the analysis of this problem with some interesting initial results. However previous efforts did not take into account a realistic representation of network connectivity. These models were enough to demonstrate the usefulness of the model checking approach but would not be sufficient to analyze real-world network security problems. This paper presents a modem of network connectivity at multiple levels of the TCP/IP stack appropriate for use in a model checker. With this enhancement, it is possible to represent realistic networks including common network security devices such as firewalls, filtering routers, and switches.
Keywords :
computer networks; formal verification; security of data; telecommunication security; transport protocols; TCP/IP connectivity; filtering routers; firewalls; host vulnerability; model checking; network connectivity; network security; network security devices; switches; topological analysis; topological vulnerability analysis; Application software; Computer networks; Computer security; Encoding; Ethernet networks; Filtering; Information analysis; Information security; Information systems; TCPIP;
Conference_Titel :
Computer Security Applications Conference, 2002. Proceedings. 18th Annual
Print_ISBN :
0-7695-1828-1
DOI :
10.1109/CSAC.2002.1176275
