1 / 27

Topological Vulnerability Analysis (TVA)

Topological Vulnerability Analysis (TVA). Ooi See Kang. 2002 IEEE 18 th Annual Computer Security Applications Conference. Outline. What is TVA ? Network Security Model in TVA Modeling Link Layer Security Modeling Network & Transport Layer Security Modeling Application Layer Security

renata
Download Presentation

Topological Vulnerability Analysis (TVA)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Topological Vulnerability Analysis (TVA) Ooi See Kang 2002 IEEE 18th Annual Computer Security Applications Conference

  2. Outline • What is TVA ? • Network Security Model in TVA • Modeling Link Layer Security • Modeling Network & Transport Layer Security • Modeling Application Layer Security • Example • Summary

  3. What is Topological Vulnerability Analysis (TVA) • Analyze a simplified network security model and determine whether the network security requirements were met. • uses a state-based model (TCP/IP model) of network security to discover attacks paths.

  4. TCP/IP Protocol Stack Model Application Layer Transport Layer Network Layer Link Layer

  5. Network Security Model in TVA • Network of hosts • Connectivity of the hosts • Exploits or Attacks • List of security requirement the model should attempt to validate

  6. Network Security Model • Networks of hosts • Network services, components and configuration details that give rise to vulnerabilities • Connectivity of the hosts • Simple boolean matrix to show the relationship between the 2 hosts.

  7. Network Security Model • Exploits or Attacks • Given the right circumstance, can cause changes to the state of the model. • List of security requirement the model should attempt to validate • Represented by invariant statements made about the security of particular hosts on the network

  8. How to break into the network • Know about the vulnerabilities of the network. • Familiar with the network connectivity • Know the User privileges

  9. Modeling the layer’s security Application Layer Transport Layer Network Layer Link Layer

  10. Modeling Link Layer Security • Communication can only occur between hosts located on the same network segment • ARP used to resolved addresses and thus identify hosts that share a common network segment

  11. Modeling Link Layer Security • Packet Sniffing • An activity through which a privileged user can eavesdrop on network traffic • Most network is transmitted unencrypted • The authentication details can be captured easily

  12. Modeling Link Layer Security • Hub • Re-broadcast all received packets to every host • Switch • Direct traffic to those host specifically addressed in the Link Layer frame.

  13. How TVA do analysis • Track link layer connectivity at the host level • Distinguish which hosts have such connectivity/sniff with each others • Label those hosts which can sniff the traffic of another host. • LINK_(Exploit program)eg. LINK_ARP

  14. How TVA do analysis • Example

  15. Modeling the layer’s security Application Layer Transport Layer Network Layer Link Layer

  16. Modeling Network/Transport Layer Security • Most network services communicate via transport protocol, thus, their packet contain both Network layer (IP) and transport layer (port) • These address details used by firewall to decide whether allow to be passing by between the hosts. • The connectivity will be represented by a simple Boolean matrix. • Label it as TRANS_(Exploit program)

  17. Modeling Network/Transport Layer Security • Example Figure – Example network with connectivity Limiting Firewall

  18. Modeling Network/Transport Layer Security • Example Figure – Example Exploit Path

  19. Modeling the layer’s security Application Layer Transport Layer Network Layer Link Layer

  20. Modeling Application Layer Security • Address all connectivity-related security issues. • Label it as APP_(Exploit program) Figure – Example telnet exploit

  21. Overall Example

  22. Overall Example

  23. Overall Example

  24. Summary • TVA uses TCP/IP model to track the possible attacks path. • Network security model is make up by 4 major elements. • Exploits are used to check the vulnerability of each connectivity • Exploits doesn’t decrease the vulnerability of the network but increase it instead. • TVA model the Link Layer security by label it with LINK_(Exploit program) • TVA model the Transport/Network Layer security by label it with TRANS_(Exploit program) • TVA model the Application Layer security by label it with APP_(Exploit program)

  25. Question ?

  26. END

  27. Acknowledgement • Ronald Ritchey, Brian O’Berry, Steven Noel --Representing TCP/IP Connectivity For Topological Analysis of network Security (George Mason University) • Ronald W Ritchey and Paul Ammann -- Using Model Checking To Analyze Network Security (2000 IEEE Symposium on Security & Privacy)

More Related