A Formal Model for Network-Wide Security Analysis

A Formal Model for Network-Wide Security Analysis

Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Rab, Jaroslav, Matousek, Petr, Rysavy, Ondrej, Sveda, Miroslav
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer networks
Computer security
Condition monitoring
Conferences
dynamic routing protocols
formal verification
Information filtering
Information filters
netowrk design
network security
Network topology
packet filters
Reachability analysis
Routing protocols
Testing
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic routing protocols in use. A unifying model based on packet-filters is employed for modelling of network behaviour. Over this graph model augmented with filtering rules over edges verification of reachability properties can be made. In our approach we also consider topology changes caused by dynamic routing protocols.
DOI:10.1109/ECBS.2008.13