An Approach for Automated Network-Wide Security Analysis

An Approach for Automated Network-Wide Security Analysis

Stať ve sborníku mimo WoS a Scopus

This paper deals with an approach to security analysis of TCP/IP-based computer networks. The method developed stems from a formal model of network topology with changing link states, and deploys bounded model checking of network security properties supported by SAT-based decision procedure. Its implementation should consist of a set of tools that can provide automatic analysis of router configurations, network topologies, and states with respect to checked properties. While this project aims at supporting a real practice, it stems from the previous, more theoretical research designing the method in detail including its formal background.

This paper deals with an approach to security analysis of TCP/IP-based computer networks. The method developed stems from a formal model of network topology with changing link states, and deploys bounded model checking of network security properties supported by SAT-based decision procedure. Its implementation should consist of a set of tools that can provide automatic analysis of router configurations, network topologies, and states with respect to checked properties. While this project aims at supporting a real practice, it stems from the previous, more theoretical research designing the method in detail including its formal background.

TCP/IP networks; changing network topology; network security analysis; bounded model-checking; SAT-based decision procedure

TCP/IP networks; changing network topology; network security analysis; bounded model-checking; SAT-based decision procedure

ŠVÉDA, M.; RYŠAVÝ, O.; MATOUŠEK, P.; RÁB, J.

2012

31.03.2010

IEEE Computer Society

Les Menuires

978-0-7695-3979-9

Proceedings of the Ninth International Conference on Networks ICN 2010

294

299

6

https://www.fit.vut.cz/research/publication/9191/

An Approach for Automated Network-Wide Security Analysis (PDF)