Topological Vulnerability Analysis (TVA) - PowerPoint PPT Presentation

Presentation Transcript

Topological Vulnerability Analysis (TVA)

Ooi See Kang

2002 IEEE 18th Annual Computer Security Applications Conference


Outline

  • What is TVA ?

  • Network Security Model in TVA

  • Modeling Link Layer Security

  • Modeling Network & Transport Layer Security

  • Modeling Application Layer Security

  • Example

  • Summary


What is Topological Vulnerability Analysis (TVA)

  • Analyzes a simplified network security model and determines whether the network security requirements are met.

  • Uses a state-based model of network security, organised along the TCP/IP protocol stack, to discover attack paths.


TCP/IP Protocol Stack Model

Application Layer

Transport Layer

Network Layer

Link Layer


Network Security Model in TVA

  • Network of hosts

  • Connectivity of the hosts

  • Exploits or Attacks

  • List of security requirements the model should attempt to validate


Network Security Model

  • Networks of hosts

    • Network services, components and configuration details that give rise to vulnerabilities

  • Connectivity of the hosts

    • A simple Boolean matrix that records whether each pair of hosts can communicate.



Network Security Model

  • Exploits or Attacks

    • Given the right circumstance, can cause changes to the state of the model.

  • List of security requirements the model should attempt to validate

    • Represented by invariant statements made about the security of particular hosts on the network
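The four elements just listed (hosts, a Boolean connectivity matrix, exploits that change the model state, and requirements stated as invariants) can be turned into a small runnable model. The code below is an added example written for this transcript; it is not the slides' own code nor the TVA authors' tool. The three-host topology, the exploit names (following the slides' `TRANS_` naming convention), the "user"/"root" privilege levels and the rule that an exploit needs a privilege on the source host plus connectivity at its layer to a vulnerable target are all constructed assumptions, and the breadth-first search is one straightforward way to explore a state-based model.

```python
# Added illustration (not from the slides or from the TVA authors' tool): a
# minimal state-based model with the four elements the slides list, plus a
# breadth-first search that looks for an exploit sequence violating a security
# requirement. Hosts, labels, exploit names and the topology are all constructed.
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

# State = the set of (host, privilege) pairs the attacker currently holds.
State = FrozenSet[Tuple[str, str]]
# Connectivity per layer label, as a Boolean matrix: conn[layer][src][dst].
Connectivity = Dict[str, Dict[str, Dict[str, bool]]]
Step = Tuple[str, str, str]   # (exploit name, source host, target host)

@dataclass(frozen=True)
class Exploit:
    name: str                   # slide naming convention, e.g. "TRANS_<program>"
    layer: str                  # connectivity label the exploit needs ("LINK"/"TRANS"/"APP")
    needs_priv: str             # privilege the attacker must already hold on the source host
    gains_priv: str             # privilege obtained on the target host
    vulnerable: FrozenSet[str]  # hosts whose configuration exposes the flaw

def applicable(ex: Exploit, conn: Connectivity, state: State):
    """Yield (src, dst) pairs where the exploit's preconditions hold in this state."""
    for src, priv in state:
        if priv != ex.needs_priv:
            continue
        for dst, reachable in conn[ex.layer][src].items():
            if reachable and dst in ex.vulnerable and (dst, ex.gains_priv) not in state:
                yield src, dst

def find_attack_path(conn: Connectivity, exploits: List[Exploit], start: State,
                     invariant: Callable[[State], bool]) -> Optional[List[Step]]:
    """Breadth-first search over model states. Returns the shortest exploit
    sequence that reaches a state violating the invariant, or None if every
    reachable state satisfies it (the requirement holds for this model)."""
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        state, path = queue.popleft()
        if not invariant(state):
            return path
        for ex in exploits:
            for src, dst in applicable(ex, conn, state):
                nxt = state | {(dst, ex.gains_priv)}   # exploit changes the model state
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + [(ex.name, src, dst)]))
    return None

def example_model(patched: bool = False):
    """Constructed three-host network. The firewall lets the attacker's host
    reach only the web server; the web server may reach the database."""
    hosts = ["attacker", "web", "db"]
    allowed = {("attacker", "web"), ("web", "db")}
    conn: Connectivity = {"TRANS": {s: {d: (s, d) in allowed for d in hosts} for s in hosts}}
    exploits = [
        # hypothetical flaw in the web application; 'patched' removes it from the model
        Exploit("TRANS_webapp_rce", "TRANS", "user", "user",
                frozenset() if patched else frozenset({"web"})),
        # hypothetical weak database authentication reachable from the web server
        Exploit("TRANS_db_weak_auth", "TRANS", "user", "root", frozenset({"db"})),
    ]
    start: State = frozenset({("attacker", "user")})
    return conn, exploits, start

def run_example(patched: bool = False) -> Optional[List[Step]]:
    """Security requirement (invariant): nobody ever holds root on the database."""
    conn, exploits, start = example_model(patched)
    return find_attack_path(conn, exploits, start, lambda s: ("db", "root") not in s)

if __name__ == "__main__":
    print("unpatched:", run_example())          # two-step path via the web server
    print("web patched:", run_example(True))    # None: requirement holds
```

Run stand-alone, the unpatched model reports the two-step path through the web server even though the firewall blocks the attacker from reaching the database directly, which is exactly the kind of multi-step path a per-host vulnerability scan misses; with the web flaw removed from the model the search exhausts every reachable state and reports that the requirement holds.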


How to break into the network

  • Know the vulnerabilities of the network.

  • Be familiar with the network connectivity.

  • Know the user privileges.


Modeling the layer’s security

Application Layer

Transport Layer

Network Layer

Link Layer


Modeling Link Layer Security

  • Communication can only occur between hosts located on the same network segment

  • ARP is used to resolve addresses and thus identifies the hosts that share a common network segment



Modeling Link Layer Security

  • Packet Sniffing

    • An activity through which a privileged user can eavesdrop on network traffic

    • Most network traffic is transmitted unencrypted

    • Authentication details can therefore be captured easily



Modeling Link Layer Security

  • Hub

    • Re-broadcasts every received packet to every host on the segment

  • Switch

    • Directs traffic only to the host specifically addressed in the link layer frame.


How TVA does analysis

  • Track link layer connectivity at the host level

  • Distinguish which hosts share such connectivity, i.e. which hosts can sniff each other's traffic

  • Label those hosts which can sniff the traffic of another host.

  • Name the label LINK_(Exploit program), e.g. LINK_ARP



Modeling the layer’s security

Application Layer

Transport Layer

Network Layer

Link Layer


Modeling Network/Transport Layer Security

  • Most network services communicate via a transport protocol, so their packets carry both a network layer address (IP) and a transport layer address (port)

  • These address details are used by the firewall to decide whether traffic is allowed to pass between the hosts.

  • The connectivity will be represented by a simple Boolean matrix.

  • Label it as TRANS_(Exploit program)
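The link layer slides (same-segment communication, hub versus switch, the LINK_ label) and this slide (a Boolean matrix derived from the address details a firewall filters on) both describe how a connectivity matrix is built. The example below is added here and is not the slides' own code; it shows one way to derive those matrices. The segments, host names, the hub/switch assignment and the firewall rule set are constructed, and the rule format (source host, destination host, destination port, with `"*"` as a wildcard, default deny) is an assumption chosen for the example.

```python
# Added illustration (not from the slides): building the per-layer Boolean
# connectivity matrices that TVA's network security model uses.
# Every host, segment and firewall rule below is constructed for the example.
from typing import Dict, List, Tuple, Union

Matrix = Dict[str, Dict[str, bool]]
Rule = Tuple[str, str, Union[int, str]]   # (src host, dst host, dst port); "*" = any

# Constructed topology: segment -> (device type, hosts attached to it)
SEGMENTS: Dict[str, Tuple[str, List[str]]] = {
    "dmz": ("switch", ["web", "mail"]),
    "lan": ("hub", ["alice", "bob", "fileserver"]),
}

# Constructed firewall policy: default deny, only these pairs are allowed.
FIREWALL_RULES: List[Rule] = [
    ("internet", "web", 80),
    ("internet", "web", 443),
    ("internet", "mail", 25),
    ("web", "fileserver", 445),
    ("alice", "*", "*"),          # an internal admin workstation may reach anything
]

def hosts_of(segments) -> List[str]:
    return [h for _, hs in segments.values() for h in hs]

def empty_matrix(hosts: List[str]) -> Matrix:
    return {s: {d: False for d in hosts} for s in hosts}

def link_matrix(segments) -> Matrix:
    """LINK_ connectivity: two distinct hosts can talk at the link layer only
    when they sit on the same segment (the slides' first link-layer rule)."""
    m = empty_matrix(hosts_of(segments))
    for _, hs in segments.values():
        for s in hs:
            for d in hs:
                if s != d:
                    m[s][d] = True
    return m

def sniff_matrix(segments) -> Matrix:
    """Which host can eavesdrop on which: a hub re-broadcasts every frame to
    every port, a switch delivers a frame only to the addressed host. The
    switched-segment case the slides label LINK_ARP is not modelled here."""
    m = empty_matrix(hosts_of(segments))
    for device, hs in segments.values():
        if device == "hub":
            for s in hs:
                for d in hs:
                    if s != d:
                        m[s][d] = True
    return m

def trans_matrix(hosts: List[str], rules: List[Rule], port: int) -> Matrix:
    """TRANS_ connectivity for one service port: allowed[src][dst] is True when
    some firewall rule permits src to reach dst on that port (default deny)."""
    def permits(rule: Rule, s: str, d: str) -> bool:
        rs, rd, rp = rule
        return rs in ("*", s) and rd in ("*", d) and rp in ("*", port)
    return {s: {d: s != d and any(permits(r, s, d) for r in rules) for d in hosts}
            for s in hosts}

def reachable_pairs(m: Matrix) -> List[Tuple[str, str]]:
    """Flatten a matrix into the sorted list of (src, dst) pairs that are True."""
    return sorted((s, d) for s in m for d in m[s] if m[s][d])

if __name__ == "__main__":
    hosts = ["internet"] + hosts_of(SEGMENTS)
    print("can sniff:", reachable_pairs(sniff_matrix(SEGMENTS)))
    print("port 445 allowed:", reachable_pairs(trans_matrix(hosts, FIREWALL_RULES, 445)))
```

The matrices are deliberately separate: the link-layer matrix says who shares a wire, the sniff matrix says who can read it, and the transport matrix for a given port says who the firewall lets through. A reviewer checking a firewall change can diff `reachable_pairs` before and after the change to see exactly which host pairs gained connectivity, which is the input the exploit step of the model consumes.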



Modeling Network/Transport Layer Security

  • Example

Figure – Example network with connectivity Limiting Firewall



Modeling Network/Transport Layer Security

  • Example

Figure – Example Exploit Path


Modeling the layer’s security

Application Layer

Transport Layer

Network Layer

Link Layer


Modeling Application Layer Security

  • Address all connectivity-related security issues.

  • Label it as APP_(Exploit program)

Figure – Example telnet exploit





Summary

  • TVA uses the TCP/IP model to track possible attack paths.

  • The network security model is made up of 4 major elements.

  • Exploits are used to check the vulnerability of each connectivity relationship.

  • Exploits don't decrease the vulnerability of the network but increase it instead.

  • TVA models Link Layer security by labelling it LINK_(Exploit program)

  • TVA models Transport/Network Layer security by labelling it TRANS_(Exploit program)

  • TVA models Application Layer security by labelling it APP_(Exploit program)




Acknowledgement

  • Ronald Ritchey, Brian O’Berry, Steven Noel -- Representing TCP/IP Connectivity For Topological Analysis of Network Security (George Mason University)

  • Ronald W Ritchey and Paul Ammann -- Using Model Checking To Analyze Network Security (2000 IEEE Symposium on Security & Privacy)