Topological Vulnerability Analysis (TVA)


Topological Vulnerability Analysis (TVA)

Ooi See Kang

2002 IEEE 18th Annual Computer Security Applications Conference

Outline
• What is TVA?
• Network Security Model in TVA
• Modeling Link Layer Security
• Modeling Network & Transport Layer Security
• Modeling Application Layer Security
• Example
• Summary
What is Topological Vulnerability Analysis (TVA)?
• Analyzes a simplified network security model and determines whether the network security requirements are met.
• Uses a state-based model of network security, organized around the TCP/IP model, to discover attack paths.
TCP/IP Protocol Stack Model

Figure – TCP/IP protocol stack: Application Layer, Transport Layer, Network Layer

Network Security Model in TVA
• Network of hosts
• Connectivity of the hosts
• Exploits or Attacks
• List of security requirements the model should attempt to validate
Network Security Model
• Network of hosts
  • Network services, components and configuration details that give rise to vulnerabilities
• Connectivity of the hosts
  • A simple Boolean matrix showing the relationship between each pair of hosts.

Network Security Model
• Exploits or Attacks
  • Given the right circumstances, can cause changes to the state of the model.
• List of security requirements the model should attempt to validate
  • Represented by invariant statements made about the security of particular hosts on the network
How to break into the network
• Know the vulnerabilities of the network.
• Be familiar with the network connectivity.
• Know the user privileges.
Modeling the layer’s security

Figure – TCP/IP protocol stack: Application Layer, Transport Layer, Network Layer

Modeling Link Layer Security
• Communication can only occur between hosts located on the same network segment.
• ARP is used to resolve addresses and thus identifies hosts that share a common network segment.

• Packet Sniffing
  • An activity through which a privileged user can eavesdrop on network traffic
  • Most network traffic is transmitted unencrypted
  • Authentication details can therefore be captured easily

• Hub
• Switch
  • Directs traffic only to the host specifically addressed in the Link Layer frame.
How TVA does the analysis
• Track link layer connectivity at the host level
• Distinguish which hosts share such connectivity, i.e. which hosts can sniff each other
• Label those hosts which can sniff the traffic of another host.
Modeling the layer’s security

Figure – TCP/IP protocol stack: Application Layer, Transport Layer, Network Layer

Modeling Network/Transport Layer Security
• Most network services communicate via a transport protocol, so their packets carry both a network layer address (IP) and a transport layer address (port).
• Firewalls use these address details to decide whether traffic is allowed to pass between the hosts.
• The connectivity is represented by a simple Boolean matrix.
• Label it as TRANS_(Exploit program)

Modeling Network/Transport Layer Security

• Example

Figure – Example network with connectivity Limiting Firewall

Modeling Network/Transport Layer Security

• Example

Figure – Example Exploit Path

Modeling the layer’s security

Figure – TCP/IP protocol stack: Application Layer, Transport Layer, Network Layer

Modeling Application Layer Security
• Addresses all connectivity-related security issues at the application level.
• Label it as APP_(Exploit program)

Figure – Example telnet exploit
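The following Python script is an added worked example, not code from the slides or from the papers they cite. It encodes the four elements of the network security model (hosts, per-label Boolean connectivity, exploits as state transitions, and an invariant stating a security requirement) and performs the state-space search that discovers an attack path through a connectivity-limiting firewall, in the spirit of the exploit path figures above. The host names, the TRANS_/APP_ labels and the exploit names are constructed for the example; LINK_ labels would be encoded the same way.

```python
"""Added example (not from the slides): a minimal TVA-style attack path search.

Hosts, per-label Boolean connectivity, exploits as state transitions and an
invariant checker. All host names, labels and exploit names are constructed.
"""
from collections import deque

NONE, USER, ROOT = 0, 1, 2          # privilege levels an attacker may hold on a host

HOSTS = ("attacker", "web", "db")   # constructed example network

# Boolean connectivity per label (a set of (src, dst) pairs is the sparse form
# of the deck's Boolean matrix). The firewall lets the attacker reach only the
# web server; the web server can reach the database. (Constructed values.)
CONNECTIVITY = {
    "TRANS_web":   {("attacker", "web")},
    "APP_dbtrust": {("web", "db")},
}

# An exploit is a transition: given `needs` privilege on src and connectivity
# of kind `label` from src to dst, it yields `grants` privilege on dst.
EXPLOITS = (
    # name,          label,         needs, grants
    ("web_exploit",  "TRANS_web",   USER,  USER),
    ("db_trust",     "APP_dbtrust", USER,  ROOT),
)


def successors(state, connectivity, exploits=EXPLOITS):
    """Yield (step description, new state) for every applicable exploit.

    A state is a tuple of privilege levels indexed like HOSTS. Exploits only
    ever raise privilege (the deck's "exploits never decrease vulnerability"),
    so the state space is finite and the search terminates.
    """
    for name, label, needs, grants in exploits:
        for src, dst in connectivity.get(label, ()):
            s, d = HOSTS.index(src), HOSTS.index(dst)
            if state[s] >= needs and state[d] < grants:
                new = list(state)
                new[d] = grants
                yield f"{name}: {src} -> {dst}", tuple(new)


def find_attack_path(initial, connectivity, invariant, exploits=EXPLOITS):
    """Breadth-first search over model states.

    Returns the shortest exploit sequence leading to a state that violates
    `invariant`, or None if every reachable state satisfies it.
    """
    start = tuple(initial)
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        state, path = queue.popleft()
        if not invariant(state):
            return path
        for step, nxt in successors(state, connectivity, exploits):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [step]))
    return None


# Security requirement, stated as an invariant over the model state:
# nobody gains root on the database host.
def db_not_rooted(state):
    return state[HOSTS.index("db")] < ROOT


INITIAL = (ROOT, NONE, NONE)   # the attacker controls only their own machine


if __name__ == "__main__":
    # With the web -> db trust in place, the requirement is violated in two steps.
    print(find_attack_path(INITIAL, CONNECTIVITY, db_not_rooted))
    # A stricter firewall that also drops web -> db traffic closes the path.
    strict = {"TRANS_web": CONNECTIVITY["TRANS_web"]}
    print(find_attack_path(INITIAL, strict, db_not_rooted))
```

The search returns the exploit sequence as the evidence a defender acts on: each step names the connectivity label it relied on, so removing that label (a firewall rule, or breaking the trust relationship) and re-running the analysis shows whether the requirement now holds.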

Summary
• TVA uses the TCP/IP model to track the possible attack paths.
• The network security model is made up of 4 major elements.
• Exploits are used to check the vulnerability of each connection.
• Exploits don’t decrease the vulnerability of the network but increase it instead.
• TVA models Link Layer security by labeling it LINK_(Exploit program)
• TVA models Transport/Network Layer security by labeling it TRANS_(Exploit program)
• TVA models Application Layer security by labeling it APP_(Exploit program)
Acknowledgement
• Ronald Ritchey, Brian O’Berry, Steven Noel – Representing TCP/IP Connectivity for Topological Analysis of Network Security (George Mason University)
• Ronald W. Ritchey and Paul Ammann – Using Model Checking to Analyze Network Security (2000 IEEE Symposium on Security & Privacy)