Tao Zhang, Chong Wu. Harbin Institute of Technology, Harbin, China. Presentation by Sairam Kambhala.
The wider the range of network applications, the more complex the security problems of computers and networks become. • How secure is a computer network, and how can its security state be determined? • Approach: build a model of the computer network's security status space by analyzing security attributes such as hosts, user privileges, connection relations and vulnerabilities. • Traditional vulnerability scanning alone is not enough to assess a whole system: it reports isolated weaknesses on individual hosts, not how they combine across the network.
System visitors are classified by their capability to access system resources. • Grouping visitors by role gives an ordered set of possible privileges, from weakest to strongest: • P = {Access, Guest, User, Supuser, Root}, P_i (i = 1, 2, …, 5).
Current computer networks are based on the TCP/IP protocol suite. • Following this layered design, the connections between network devices are distributed across different layers. • For convenience, the protocols that make up the TCP/IP family can be divided into groups of similar functionality.
The connection relations are expressed as a set; the connection relation between two devices is a subset of this set. • The set of connection relations between hosts and devices is Protocol = {pro_1, pro_2, …, pro_n}, where pro_i (i = 1, 2, …, n) is one connection relation (a protocol or service reachable between the two). • The connection relation between two hosts is represented by the triad (HSRC, HDST, Protocols): HSRC is the source host, HDST the destination host, and Protocols the subset of connection relations that exist from the source host to the destination host. • Two special subsets: the empty set (no connection from HSRC to HDST) and {Localhost} (a host's connection to itself, used by local attacks on that host).
A vulnerability is a fault caused by an error in the design, development or configuration of software, or by the use of software that introduces loopholes into the design. • V = {vul_1, vul_2, …, vul_m}, vul_i (i = 1, 2, …, m). • Every vulnerability is represented by a tuple (BID, NAME, OS, DATE).
Hosts are computers, routers, switches, etc. • H = {h_1, h_2, …, h_m}, h_i (i = 1, 2, …, m). • A host is represented by a tuple (HOSTID, OS, SVCS, VULS): its identifier, operating system, running services and vulnerabilities. • Summary: the security status SS = {(P_n, h_i), (h_j, h_k, Protocols)}, n = 1, 2, …, 4; i, j, k = 1, 2, …, m, i.e. the privilege the attacker holds on each host together with the connection relations between hosts.
Exploiting a vulnerability to attack can be seen as a map from a set of preconditions to a set of results (postconditions). • Attack_rule = {Preconditions, Postconditions} • Preconditions = {Src_privilege, Dst_privilege, Vuls, Protocols}: the privilege the attacker needs on the source host, the privilege (if any) already required on the destination host, the vulnerabilities that must be present on the destination, and the connection relation that must exist from source to destination. • Postconditions = {Rslt_privilege, Rslt_protocols, Rslt_vuls}: the privilege gained on the destination, plus any connection relations and vulnerabilities that become available as a result. • In short: Attack_rule = { {Src_privilege, Dst_privilege, Vuls, Protocols}, {Rslt_privilege, Rslt_protocols, Rslt_vuls} }
The computer network security status space is SSP = (SS, AR) • SS = the security status defined above • AR = the set of attack rules = {attack_rule_1, attack_rule_2, …, attack_rule_m}
Nodes and edges of the attack graph • Algorithm to generate attack routes
An attack graph is a graph-based description of the threat to an information system's security, synthesized from the attacker's starting point, host information and network topology. • The SSP is used to describe the attack graph. • Nodes represent security statuses (SS); when the graph moves from one node to the next, the attacker's SS changes. • Directed edges represent the mapping relations (HSRC, HDST, attack_rule): one attack launched from HSRC against HDST using attack_rule.
Assumption 1: The attacker has powerful attack ability: an attacker who knows a vulnerability in the system is able to exploit it, so every known, reachable vulnerability is treated as exploitable. • Assumption 2: The attacker is sophisticated and does not launch an attack to gain a privilege he already possesses, so no edge is added for an attack that would leave the security status unchanged.
Algorithm: • Step 1: From the initial network state, find all network states the attacker can reach directly and add them to the State Queue. • Step 2: Take a state from the State Queue as Cur state and find all network states directly reachable from Cur state as New states. If a New state has not been seen before, add it to the State Queue. • Step 3: If the State Queue is not empty, return to step 2; if it is empty, the algorithm finishes. • This is a breadth-first search over the security status space; every state is expanded once. • Note: a graph-drawing tool such as Graphviz is then used to render the attack graph produced by the algorithm.
The connection relations are given below: • The attacker attacks the internal network from host IP0, on which he holds the highest privilege, ROOT. • The objective is to obtain ROOT privilege on IP2.
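To make the model and the algorithm concrete, here is an added Python example (not code from the paper or the slides). It encodes the security status space of the earlier slides (the privilege classes, host tuples, connection triads including the empty set and {Localhost}, and attack rules as precondition/postcondition maps) and runs the breadth-first State Queue algorithm above under both assumptions. The slide's connection table is not reproduced on the page, so the IP0/IP1/IP2 topology, the services, the vulnerability names (vul_http_rce, vul_ssh_auth, vul_local_suid) and the three attack rules are constructed for illustration; only the start (ROOT on IP0) and the objective (ROOT on IP2) come from the slide. The to_dot function emits Graphviz DOT for rendering the result.

```python
"""Attack-graph generation over a security status space (SSP).
Added example, not code from the paper or slides. The network below is
constructed; only the start (ROOT on IP0) and goal (ROOT on IP2) are from the slide.
"""
from collections import deque
from dataclasses import dataclass

# Privilege classes P = {Access, Guest, User, Supuser, Root}, ranked; 0 = none held.
PRIV = {"None": 0, "Access": 1, "Guest": 2, "User": 3, "Supuser": 4, "Root": 5}
NAME = {rank: name for name, rank in PRIV.items()}


@dataclass(frozen=True)
class Host:                      # (HOSTID, OS, SVCS, VULS)
    hostid: str
    os: str
    svcs: frozenset
    vuls: frozenset


@dataclass(frozen=True)
class AttackRule:                # Preconditions -> Postconditions
    name: str
    src_privilege: str           # needed on HSRC to launch the attack
    dst_privilege: str           # needed on HDST beforehand ("None" = nothing)
    vul: str                     # vulnerability that must be present on HDST
    protocol: str                # connection relation required HSRC -> HDST
    rslt_privilege: str          # privilege obtained on HDST when the attack succeeds


# --- constructed sample network (hypothetical names, not real vulnerability IDs) ---
HOSTS = {h.hostid: h for h in (
    Host("IP0", "Linux", frozenset(), frozenset()),                        # attacker's host
    Host("IP1", "Linux", frozenset({"http"}), frozenset({"vul_http_rce"})),
    Host("IP2", "Linux", frozenset({"ssh", "db"}), frozenset({"vul_ssh_auth", "vul_local_suid"})),
)}
# Connection triads (HSRC, HDST, Protocols); a pair that is absent has the empty set.
CONNS = {
    ("IP0", "IP1"): {"http"},
    ("IP1", "IP2"): {"ssh"},
    ("IP0", "IP2"): set(),            # empty set: no direct connection (filtered)
    ("IP2", "IP2"): {"Localhost"},    # {Localhost}: local attacks on IP2 itself
}
RULES = [
    AttackRule("http_rce", "User", "None", "vul_http_rce", "http", "User"),
    AttackRule("ssh_auth_bypass", "User", "None", "vul_ssh_auth", "ssh", "User"),
    AttackRule("local_suid_escalation", "User", "User", "vul_local_suid", "Localhost", "Root"),
]


def initial_state(attacker_host, privilege="Root", hosts=HOSTS):
    """SS as a hashable graph node: sorted (host, privilege rank) pairs."""
    return tuple(sorted((h, PRIV[privilege] if h == attacker_host else 0) for h in hosts))


def successors(state, hosts, conns, rules):
    """Yield (new_state, (HSRC, HDST, rule name)) for every attack rule applicable in state."""
    priv = dict(state)
    for rule in rules:
        for (src, dst), protocols in conns.items():
            if rule.protocol not in protocols:
                continue                                # no connection relation HSRC -> HDST
            if priv[src] < PRIV[rule.src_privilege] or priv[dst] < PRIV[rule.dst_privilege]:
                continue                                # privilege preconditions unmet
            if rule.vul not in hosts[dst].vuls:
                continue                                # vulnerability absent on HDST
            if priv[dst] >= PRIV[rule.rslt_privilege]:
                continue                                # Assumption 2: nothing to gain
            # Assumption 1: a known, reachable vulnerability is always exploitable.
            new = dict(priv)
            new[dst] = PRIV[rule.rslt_privilege]
            yield tuple(sorted(new.items())), (src, dst, rule.name)


def generate_attack_graph(init, hosts=HOSTS, conns=CONNS, rules=RULES):
    """Breadth-first exploration of the SSP: nodes are SS, edges are (HSRC, HDST, rule)."""
    nodes, edges, seen, queue = [init], [], {init}, deque([init])
    while queue:                                        # step 3: loop until the queue is empty
        cur = queue.popleft()                           # step 2: pick Cur state
        for new, label in successors(cur, hosts, conns, rules):
            edges.append((cur, new, label))
            if new not in seen:                         # enqueue only genuinely new states
                seen.add(new)
                nodes.append(new)
                queue.append(new)
    return nodes, edges


def goal_reached(nodes, host, privilege="Root"):
    """True if some reachable SS gives the attacker at least `privilege` on `host`."""
    return any(dict(n)[host] >= PRIV[privilege] for n in nodes)


def to_dot(nodes, edges):
    """Graphviz DOT for the generated graph (render with `dot -Tpng`)."""
    def label(n):
        return ", ".join(f"{h}:{NAME[p]}" for h, p in n if p)
    ids = {n: i for i, n in enumerate(nodes)}
    out = ["digraph attack_graph {"]
    out += [f'  n{i} [label="{label(n)}"];' for n, i in ids.items()]
    out += [f'  n{ids[a]} -> n{ids[b]} [label="{s}->{d}: {r}"];' for a, b, (s, d, r) in edges]
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    nodes, edges = generate_attack_graph(initial_state("IP0"))
    print(to_dot(nodes, edges))
    print("ROOT on IP2 reachable:", goal_reached(nodes, "IP2"))
```

On this constructed network the algorithm finds a single three-step route (IP0 ROOT → IP1 User via http_rce → IP2 User via ssh_auth_bypass → IP2 ROOT via the {Localhost} escalation); dropping the ("IP2", "IP2") relation removes the last edge and the objective is no longer reachable, which is the kind of "what if this connection were filtered" question the status-space model is meant to answer.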
A sound way to determine the security state of a computer network is to analyze its security attributes and generate an attack graph from them. • Easy, usable and effective. • Future work: optimization of the graph generation algorithm, since the number of states grows rapidly with the number of hosts, privileges and attack rules.
References • Tao Zhang, Chong Wu. Network Security Analysis Based on Security Status Space. • Zhang Lefung, Tang Hong. Network Security Evaluation through Attack Graph Generation.
Thank you. Any questions?