
# Topological Vulnerability Analysis (TVA)


### Topological Vulnerability Analysis (TVA)

Ooi See Kang

2002 IEEE 18th Annual Computer Security Applications Conference

• What is TVA?

• Network Security Model in TVA

• Modeling Link Layer Security

• Modeling Network & Transport Layer Security

• Modeling Application Layer Security

• Example

• Summary

• Analyzes a simplified network security model and determines whether the network security requirements are met.

• Uses a state-based model of network security, organized along the TCP/IP layers, to discover attack paths.

Figure – TCP/IP layer stack (Application / Transport / Network)

• Network of hosts

• Connectivity of the hosts

• Exploits or Attacks

• List of security requirements the model should attempt to validate

• Network of hosts

  • Network services, components and configuration details that give rise to vulnerabilities

• Connectivity of the hosts

  • A simple Boolean matrix shows whether two hosts can communicate.

• Exploits or Attacks

  • Given the right circumstances, an exploit changes the state of the model.

• List of security requirements the model should attempt to validate

  • Represented by invariant statements about the security of particular hosts on the network

• Know about the vulnerabilities of the network.

• Familiar with the network connectivity

• Know the user privileges

Figure – TCP/IP layer stack (Application / Transport / Network)

• Communication can only occur between hosts located on the same network segment

• ARP is used to resolve addresses and thus identifies hosts that share a common network segment

• Packet Sniffing

  • An activity through which a privileged user can eavesdrop on network traffic

  • Most network traffic is transmitted unencrypted

  • Authentication details can therefore be captured easily

• Hub

• Switch

  • Directs traffic only to the host specifically addressed in the link layer frame.

• Track link layer connectivity at the host level

• Distinguish which hosts have such connectivity, i.e. which hosts can sniff each other's traffic

• Label those hosts that can sniff the traffic of another host.

• Example

Figure – TCP/IP layer stack (Application / Transport / Network)

• Most network services communicate over a transport protocol, so their packets carry both a network layer address (IP) and a transport layer address (port)

• A firewall uses these address details to decide whether traffic is allowed to pass between two hosts.

• This connectivity is represented by a simple Boolean matrix.

• Label it as TRANS_(Exploit program)

• Example

Figure – Example network with connectivity Limiting Firewall

• Example

Figure – Example Exploit Path

Figure – TCP/IP layer stack (Application / Transport / Network)

• Address all connectivity-related security issues.

• Label it as APP_(Exploit program)

Figure – Example telnet exploit

• TVA uses the TCP/IP model to track possible attack paths.

• The network security model is made up of 4 major elements.

• Exploits are used to check the vulnerability of each connection.

• Exploits never decrease the vulnerability of the network; they only increase it.

• TVA models Link Layer security by labeling it LINK_(Exploit program)

• TVA models Transport/Network Layer security by labeling it TRANS_(Exploit program)

• TVA models Application Layer security by labeling it APP_(Exploit program)
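As an added illustration (not code from the presentation or from the cited papers), the summarized model reduces to a small state search in Python: hosts, one Boolean connectivity matrix per layer label (LINK_, TRANS_, APP_), exploits as precondition/postcondition rules that only add capabilities, and a security requirement stated as an invariant checked over every reachable state. The host names, exploit names and privilege levels are constructed for the example.

```python
from collections import deque

# Constructed sample model (hypothetical host names): the attacker shares a
# segment with 'web'; a firewall lets only web -> db through on telnet.
HOSTS = ["attacker", "web", "db"]
CONN = {  # per-layer Boolean connectivity, labelled as on the slides
    "LINK_sniff":   {("attacker", "web"): True, ("web", "db"): True},
    "TRANS_telnet": {("attacker", "web"): True, ("web", "db"): True},
    "APP_telnet":   {("attacker", "web"): True, ("web", "db"): True},
}
# Exploit rules: (name, layer labels that must all permit src -> dst,
# preconditions as (src|dst, privilege), privilege gained on dst).
# Rules only add privileges, so applying an exploit never reduces exposure.
EXPLOITS = [
    ("sniff", ["LINK_sniff"], [("src", "user")], "creds"),
    ("telnet_login", ["TRANS_telnet", "APP_telnet"],
     [("src", "user"), ("dst", "creds")], "user"),
]

def connected(conn, labels, src, dst):
    """True only if every required layer's matrix permits src -> dst."""
    return all(conn[label].get((src, dst), False) for label in labels)

def successors(state, conn):
    """Yield (step, new_state) for each exploit applicable in `state`."""
    for name, labels, pre, post in EXPLOITS:
        for src in HOSTS:
            for dst in HOSTS:
                if src == dst or (dst, post) in state or not connected(conn, labels, src, dst):
                    continue
                if all((src if who == "src" else dst, priv) in state for who, priv in pre):
                    yield (name, src, dst), state | {(dst, post)}

def find_attack_path(initial, invariant, conn=CONN):
    """Breadth-first search over model states: return the exploit steps leading
    to the first state that violates `invariant`, or None if it always holds."""
    start = frozenset(initial)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, path = queue.popleft()
        if not invariant(state):
            return path
        for step, nxt in successors(state, conn):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [step]))
    return None

def no_db_shell(state):  # the security requirement, stated as an invariant
    return ("db", "user") not in state
```

Calling `find_attack_path({("attacker", "user")}, no_db_shell)` returns the four-step sniff/login path that reaches db through web; removing the web -> db entry from `TRANS_telnet` makes it return None, which is how a candidate firewall change is checked against the requirement before it is deployed.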

• Ronald Ritchey, Brian O'Berry and Steven Noel, "Representing TCP/IP Connectivity for Topological Analysis of Network Security" (George Mason University).

• Ronald W. Ritchey and Paul Ammann, "Using Model Checking to Analyze Network Security", 2000 IEEE Symposium on Security & Privacy.