Representing TCP/IP connectivity for topological analysis of network security

18th Annual Computer Security Applications Conference, 2002. Proceedings. Pub Date : 2002-12-09 DOI:10.1109/CSAC.2002.1176275

Ronald W. Ritchey, Brian O'Berry, S. Noel

{"title":"Representing TCP/IP connectivity for topological analysis of network security","authors":"Ronald W. Ritchey, Brian O'Berry, S. Noel","doi":"10.1109/CSAC.2002.1176275","DOIUrl":null,"url":null,"abstract":"The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences of interdependent vulnerabilities, distributed among the various network hosts. Model checking has been applied to the analysis of this problem with some interesting initial results. However previous efforts did not take into account a realistic representation of network connectivity. These models were enough to demonstrate the usefulness of the model checking approach but would not be sufficient to analyze real-world network security problems. This paper presents a modem of network connectivity at multiple levels of the TCP/IP stack appropriate for use in a model checker. With this enhancement, it is possible to represent realistic networks including common network security devices such as firewalls, filtering routers, and switches.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"96","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2002.1176275","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 96

Abstract

The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences of interdependent vulnerabilities, distributed among the various network hosts. Model checking has been applied to the analysis of this problem with some interesting initial results. However previous efforts did not take into account a realistic representation of network connectivity. These models were enough to demonstrate the usefulness of the model checking approach but would not be sufficient to analyze real-world network security problems. This paper presents a modem of network connectivity at multiple levels of the TCP/IP stack appropriate for use in a model checker. With this enhancement, it is possible to represent realistic networks including common network security devices such as firewalls, filtering routers, and switches.

查看原文本刊更多论文

表示TCP/IP连接，用于网络安全的拓扑分析

网络上主机的各个漏洞可以被攻击者组合起来获得访问权限，如果主机没有相互连接，这是不可能的。当前可用的工具以隔离的方式报告漏洞，并在网络中单个主机的上下文中报告漏洞。拓扑漏洞分析(TVA)通过搜索分布在各种网络主机之间的相互依赖的漏洞序列来扩展这种方法。模型检验已应用于该问题的分析，并得到了一些有趣的初步结果。然而，以前的努力没有考虑到网络连通性的现实表现。这些模型足以证明模型检查方法的有效性，但不足以分析现实世界的网络安全问题。本文提出了一种适用于模型检查器的TCP/IP栈多层网络连接调制解调器。有了这种增强，就有可能表示现实的网络，包括常见的网络安全设备，如防火墙、过滤路由器和交换机。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

18th Annual Computer Security Applications Conference, 2002. Proceedings.

自引率

0.00%

发文量