Topological Vulnerability Analysis (TVA) Ooi See Kang 2002 IEEE 18th Annual Computer Security Applications Conference
Outline • What is TVA ? • Network Security Model in TVA • Modeling Link Layer Security • Modeling Network & Transport Layer Security • Modeling Application Layer Security • Example • Summary
What is Topological Vulnerability Analysis (TVA)?
• Analyzes a simplified network security model and determines whether the network security requirements are met.
• Uses a state-based model of network security (organized by the TCP/IP model) to discover attack paths.
TCP/IP Protocol Stack Model: Application Layer, Transport Layer, Network Layer, Link Layer
Network Security Model in TVA
• Network of hosts
• Connectivity of the hosts
• Exploits or attacks
• List of security requirements the model should attempt to validate
Network Security Model
• Network of hosts: the network services, components and configuration details that give rise to vulnerabilities
• Connectivity of the hosts: a simple Boolean matrix recording whether each pair of hosts can communicate
Network Security Model
• Exploits or attacks: given the right circumstances, these can change the state of the model
• List of security requirements the model should attempt to validate: represented by invariant statements about the security of particular hosts on the network
How to break into the network
• Know the vulnerabilities of the network
• Know the network connectivity
• Know the user privileges
Modeling the layer's security: Link Layer
Modeling Link Layer Security
• Communication can only occur between hosts located on the same network segment
• ARP is used to resolve addresses and thus identifies the hosts that share a common network segment
Modeling Link Layer Security
• Packet sniffing: an activity through which a privileged user can eavesdrop on network traffic
• Most network traffic is transmitted unencrypted
• Authentication details can therefore be captured easily
Modeling Link Layer Security
• Hub: re-broadcasts every received packet to every host
• Switch: directs traffic only to the host addressed in the link layer frame
How TVA does the analysis
• Track link layer connectivity at the host level
• Distinguish which hosts share such connectivity and can sniff each other's traffic
• Label the hosts that can sniff the traffic of another host
• Label format: LINK_(exploit program), e.g. LINK_ARP
How TVA does the analysis
• Example (figure)
Modeling the layer's security: Network & Transport Layer
Modeling Network/Transport Layer Security
• Most network services communicate over a transport protocol, so their packets carry both a network layer address (IP) and a transport layer address (port)
• Firewalls use these address details to decide whether traffic is allowed to pass between two hosts
• The resulting connectivity is represented by a simple Boolean matrix
• Label format: TRANS_(exploit program)
Modeling Network/Transport Layer Security
• Example figure: example network with a connectivity-limiting firewall
Modeling Network/Transport Layer Security
• Example figure: example exploit path
Modeling the layer's security: Application Layer
Modeling Application Layer Security
• Addresses all connectivity-related security issues at the application layer
• Label format: APP_(exploit program)
• Figure: example telnet exploit
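The model described on the preceding slides (a network of hosts, a Boolean connectivity matrix per layer, exploits as state transitions labelled LINK_/TRANS_/APP_, and security requirements as invariants) can be exercised as a small state-space search. This is an added example, not code from the paper or the presentation; the three hosts, the connectivity sets, the exploit names and their preconditions are constructed for illustration.

```python
from collections import deque

# Constructed example, not the paper's data: three hosts with Boolean
# connectivity per layer (adjacency sets, equivalent to the Boolean matrix).
HOSTS = ["attacker", "web", "db"]
CONN = {
    "LINK":  {"attacker": {"web"}, "web": {"attacker", "db"}, "db": {"web"}},  # shared segments
    "TRANS": {"attacker": {"web"}, "web": {"db"}, "db": set()},               # after firewall rules
}
# Exploits are state transitions: (label, layer whose connectivity is needed,
# precondition, effect). A state is a frozenset of (fact, host) pairs;
# a local exploit (layer None) only needs src == dst.
def _privileged(s, a, b): return ("root", a) in s
def _can_login(s, a, b): return (("user", a) in s or ("root", a) in s) and ("creds", b) in s
def _user_local(s, a, b): return a == b and ("user", a) in s and ("root", a) not in s
EXPLOITS = [
    ("LINK_SNIFF",   "LINK",  _privileged, lambda a, b: {("creds", b)}),  # sniff segment traffic
    ("APP_TELNET",   "TRANS", _can_login,  lambda a, b: {("user", b)}),   # log in with captured creds
    ("APP_ESCALATE", None,    _user_local, lambda a, b: {("root", b)}),   # local privilege escalation
]

def successors(state, conn):
    """Yield (label, next_state) for every exploit enabled in this state."""
    for label, layer, pre, effect in EXPLOITS:
        for a in HOSTS:
            for b in HOSTS:
                reachable = (a == b) if layer is None else (b in conn[layer][a])
                if reachable and pre(state, a, b):
                    nxt = state | frozenset(effect(a, b))
                    if nxt != state:
                        yield f"{label} {a}->{b}", nxt

def find_violation(initial, invariant, conn=CONN):
    """Breadth-first search over reachable states; return the shortest exploit
    sequence that violates the invariant, or None if it holds in every state."""
    start = frozenset(initial)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if not invariant(state):
            return path
        for label, nxt in successors(state, conn):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [label]))
    return None

# Security requirement (invariant): the attacker never obtains an account on db.
NO_DB_ACCESS = lambda s: ("user", "db") not in s and ("root", "db") not in s
```

Calling `find_violation({("root", "attacker")}, NO_DB_ACCESS)` returns the five-step multi-hop path through `web`, since the firewall matrix blocks `attacker` from reaching `db` directly; replacing the `db` segment with a switched one (no sniffing from `web`) makes the invariant hold and the search returns None.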
Summary
• TVA uses the TCP/IP layered model to track possible attack paths
• The network security model is made up of 4 major elements
• Exploits are used to check the vulnerability of each connection
• Exploits do not decrease the vulnerability of the network but increase it instead
• TVA models link layer security by labelling it with LINK_(exploit program)
• TVA models transport/network layer security by labelling it with TRANS_(exploit program)
• TVA models application layer security by labelling it with APP_(exploit program)
Acknowledgement
• Ronald Ritchey, Brian O'Berry, Steven Noel: Representing TCP/IP Connectivity for Topological Analysis of Network Security (George Mason University)
• Ronald W. Ritchey and Paul Ammann: Using Model Checking to Analyze Network Security (2000 IEEE Symposium on Security & Privacy)