Topological Vulnerability Analysis (TVA)

Topological Vulnerability Analysis (TVA). Ooi See Kang. 2002 IEEE 18th Annual Computer Security Applications Conference. Outline: What is TVA?; Network Security Model in TVA; Modeling Link Layer Security; Modeling Network & Transport Layer Security; Modeling Application Layer Security

Presentation Transcript

Topological Vulnerability Analysis (TVA)

Ooi See Kang

2002 IEEE 18th Annual Computer Security Applications Conference

Outline
  • What is TVA?
  • Network Security Model in TVA
  • Modeling Link Layer Security
  • Modeling Network & Transport Layer Security
  • Modeling Application Layer Security
  • Example
  • Summary
What is Topological Vulnerability Analysis (TVA)
  • Analyzes a simplified network security model to determine whether the network's security requirements are met.
  • Uses a state-based model of network security (based on the TCP/IP model) to discover attack paths.
TCP/IP Protocol Stack Model

Application Layer

Transport Layer

Network Layer

Link Layer

Network Security Model in TVA
  • Network of hosts
  • Connectivity of the hosts
  • Exploits or Attacks
  • List of security requirements the model should attempt to validate
Network Security Model
  • Networks of hosts
    • Network services, components and configuration details that give rise to vulnerabilities
  • Connectivity of the hosts
    • A simple Boolean matrix shows the relationship between any two hosts.
Network Security Model

  • Exploits or Attacks
    • Given the right circumstances, can cause changes to the state of the model.
  • List of security requirements the model should attempt to validate
    • Represented by invariant statements made about the security of particular hosts on the network
How to break into the network
  • Know about the vulnerabilities of the network.
  • Be familiar with the network connectivity.
  • Know the user privileges.
Modeling the layer’s security

Application Layer

Transport Layer

Network Layer

Link Layer

Modeling Link Layer Security
  • Communication can only occur between hosts located on the same network segment.
  • ARP is used to resolve addresses and thus identifies hosts that share a common network segment.
Modeling Link Layer Security

  • Packet Sniffing
    • An activity through which a privileged user can eavesdrop on network traffic
    • Most network traffic is transmitted unencrypted
    • Authentication details can be captured easily
Modeling Link Layer Security

  • Hub
    • Rebroadcasts all received packets to every host
  • Switch
    • Directs traffic only to those hosts specifically addressed in the Link Layer frame.
How TVA does the analysis
  • Track link layer connectivity at the host level
  • Distinguish which hosts have such connectivity with each other and can therefore sniff each other's traffic
  • Label those hosts which can sniff the traffic of another host.
  • Label format: LINK_(Exploit program), e.g. LINK_ARP
Modeling the layer’s security

Application Layer

Transport Layer

Network Layer

Link Layer

Modeling Network/Transport Layer Security
  • Most network services communicate via a transport protocol; thus, their packets contain both Network Layer (IP) and Transport Layer (port) address details.
  • These address details are used by firewalls to decide whether packets are allowed to pass between the hosts.
  • The connectivity is represented by a simple Boolean matrix.
  • Label it as TRANS_(Exploit program)

Modeling Network/Transport Layer Security

  • Example

Figure – Example network with connectivity-limiting firewall


Modeling Network/Transport Layer Security

  • Example

Figure – Example Exploit Path

Modeling the layer’s security

Application Layer

Transport Layer

Network Layer

Link Layer

Modeling Application Layer Security
  • Addresses all connectivity-related security issues.
  • Label it as APP_(Exploit program)

Figure – Example telnet exploit
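
The model described in these slides (hosts, one Boolean connectivity matrix per layer label, exploits that change state, and an invariant to validate) can be exercised on a toy network. The Python below is an added example, not code from the presentation or the TVA authors; the host names, the TRANS_HTTP and APP_TELNET labels, and the exploit and vulnerability names are constructed for illustration, following the LINK_/TRANS_/APP_ naming scheme.

```python
from collections import deque

HOSTS = ["attacker", "web", "db"]      # constructed sample network
NONE, USER, ROOT = 0, 1, 2             # attacker privilege level on a host

def matrix(*pairs):
    """Boolean connectivity matrix, True at each listed (src, dst) pair."""
    return [[(s, d) in pairs for d in HOSTS] for s in HOSTS]

# One matrix per layer label: CONN[label][src][dst] (illustrative values).
CONN = {
    "LINK_ARP":   matrix(("web", "db"), ("db", "web")),  # shared hub segment
    "TRANS_HTTP": matrix(("attacker", "web")),           # permitted by firewall
    "APP_TELNET": matrix(("web", "db")),                 # telnet client to server
}
VULNS = {"web": {"httpd_flaw"}, "db": {"cleartext_login"}}  # hypothetical names

# (name, labels needed src->dst, min privilege on src, vuln on dst, gain on dst)
EXPLOITS = [
    ("remote_httpd", ["TRANS_HTTP"], USER, "httpd_flaw", ROOT),
    ("sniff_login", ["LINK_ARP", "APP_TELNET"], ROOT, "cleartext_login", USER),
]

def find_attack_path(start, invariant):
    """Breadth-first search over privilege states. Returns the shortest
    exploit sequence reaching a state that violates `invariant`, else None."""
    first = tuple(start.get(h, NONE) for h in HOSTS)
    queue, seen = deque([(first, [])]), {first}
    while queue:
        state, path = queue.popleft()
        if not invariant(dict(zip(HOSTS, state))):
            return path
        for name, labels, need, vuln, gain in EXPLOITS:
            for s, src in enumerate(HOSTS):
                for d, dst in enumerate(HOSTS):
                    if (state[s] >= need and state[d] < gain
                            and vuln in VULNS.get(dst, ())
                            and all(CONN[l][s][d] for l in labels)):
                        nxt = state[:d] + (gain,) + state[d + 1:]
                        if nxt not in seen:
                            seen.add(nxt)
                            queue.append((nxt, path + [f"{name}: {src} -> {dst}"]))
    return None

def db_untouched(priv):
    """Security requirement: the attacker never gains any privilege on db."""
    return priv["db"] == NONE

if __name__ == "__main__":
    print(find_attack_path({"attacker": ROOT}, db_untouched))
```

With web and db on a hub segment the search returns a two-step path to db; replacing the LINK_ARP matrix with an all-False one, as for a switched segment, makes the invariant hold.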

Summary
  • TVA uses the TCP/IP model to track possible attack paths.
  • The network security model is made up of 4 major elements.
  • Exploits are used to check the vulnerability of each connectivity relationship.
  • Exploits do not decrease the vulnerability of the network; they increase it instead.
  • TVA models Link Layer security by labeling it with LINK_(Exploit program)
  • TVA models Transport/Network Layer security by labeling it with TRANS_(Exploit program)
  • TVA models Application Layer security by labeling it with APP_(Exploit program)
Acknowledgement
  • Ronald Ritchey, Brian O’Berry, Steven Noel -- Representing TCP/IP Connectivity for Topological Analysis of Network Security (George Mason University)
  • Ronald W. Ritchey and Paul Ammann -- Using Model Checking to Analyze Network Security (2000 IEEE Symposium on Security & Privacy)