A Formal Model for Network-Wide Security Analysis

A Formal Model for Network-Wide Security Analysis

Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Rab, Jaroslav, Matousek, Petr, Rysavy, Ondrej, Sveda, Miroslav
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer networks
Computer security
Condition monitoring
Conferences
dynamic routing protocols
formal verification
Information filtering
Information filters
netowrk design
network security
Network topology
packet filters
Reachability analysis
Routing protocols
Testing
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 181
container_issue
container_start_page 171
container_title
container_volume
creator Rab, Jaroslav
Matousek, Petr
Rysavy, Ondrej
Sveda, Miroslav
description Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic routing protocols in use. A unifying model based on packet-filters is employed for modelling of network behaviour. Over this graph model augmented with filtering rules over edges verification of reachability properties can be made. In our approach we also consider topology changes caused by dynamic routing protocols.
doi_str_mv 10.1109/ECBS.2008.13
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_4492398</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>4492398</ieee_id><sourcerecordid>4492398</sourcerecordid><originalsourceid>FETCH-LOGICAL-i175t-51038f926e8a161debdf001279dd5a7ca38175c8eb8d048eec6da774cd9a31fe3</originalsourceid><addsrcrecordid>eNotjLFOwzAURS2hSkDJxsbiH0h4L7ZjewxRS5FKOxTEWLn2i2RICXKCUP6eSHCXM5yjy9gtQoEI9n7VPByKEsAUKC5YZrUBXVklUCIs2PVstJWi0vKSZcPwDvOkQgF4xbDm6z6dXcef-0Adb_vEdzT-9Okjf4uB-IH8d4rjxOtP101DHG7YonXdQNk_l-x1vXppNvl2__jU1Ns8olZjrhCEaW1ZkXFYYaBTaAGw1DYE5bR3wsydN3QyAaQh8lVwWksfrBPYkliyu7_fSETHrxTPLk1HKW0prBG_Nh9Diw</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>A Formal Model for Network-Wide Security Analysis</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Rab, Jaroslav ; Matousek, Petr ; Rysavy, Ondrej ; Sveda, Miroslav</creator><creatorcontrib>Rab, Jaroslav ; Matousek, Petr ; Rysavy, Ondrej ; Sveda, Miroslav</creatorcontrib><description>Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic routing protocols in use. A unifying model based on packet-filters is employed for modelling of network behaviour. Over this graph model augmented with filtering rules over edges verification of reachability properties can be made. In our approach we also consider topology changes caused by dynamic routing protocols.</description><identifier>ISBN: 9780769531410</identifier><identifier>ISBN: 0769531415</identifier><identifier>DOI: 10.1109/ECBS.2008.13</identifier><identifier>LCCN: 2007943674</identifier><language>eng</language><publisher>IEEE</publisher><subject>Computer networks ; Computer security ; Condition monitoring ; Conferences ; dynamic routing protocols ; formal verification ; Information filtering ; Information filters ; netowrk design ; network security ; Network topology ; packet filters ; Reachability analysis ; Routing protocols ; Testing</subject><ispartof>15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ecbs 2008), 2008, p.171-181</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/4492398$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2056,27924,54919</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/4492398$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Rab, Jaroslav</creatorcontrib><creatorcontrib>Matousek, Petr</creatorcontrib><creatorcontrib>Rysavy, Ondrej</creatorcontrib><creatorcontrib>Sveda, Miroslav</creatorcontrib><title>A Formal Model for Network-Wide Security Analysis</title><title>15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ecbs 2008)</title><addtitle>ECBS</addtitle><description>Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic routing protocols in use. A unifying model based on packet-filters is employed for modelling of network behaviour. Over this graph model augmented with filtering rules over edges verification of reachability properties can be made. In our approach we also consider topology changes caused by dynamic routing protocols.</description><subject>Computer networks</subject><subject>Computer security</subject><subject>Condition monitoring</subject><subject>Conferences</subject><subject>dynamic routing protocols</subject><subject>formal verification</subject><subject>Information filtering</subject><subject>Information filters</subject><subject>netowrk design</subject><subject>network security</subject><subject>Network topology</subject><subject>packet filters</subject><subject>Reachability analysis</subject><subject>Routing protocols</subject><subject>Testing</subject><isbn>9780769531410</isbn><isbn>0769531415</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2008</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotjLFOwzAURS2hSkDJxsbiH0h4L7ZjewxRS5FKOxTEWLn2i2RICXKCUP6eSHCXM5yjy9gtQoEI9n7VPByKEsAUKC5YZrUBXVklUCIs2PVstJWi0vKSZcPwDvOkQgF4xbDm6z6dXcef-0Adb_vEdzT-9Okjf4uB-IH8d4rjxOtP101DHG7YonXdQNk_l-x1vXppNvl2__jU1Ns8olZjrhCEaW1ZkXFYYaBTaAGw1DYE5bR3wsydN3QyAaQh8lVwWksfrBPYkliyu7_fSETHrxTPLk1HKW0prBG_Nh9Diw</recordid><startdate>200803</startdate><enddate>200803</enddate><creator>Rab, Jaroslav</creator><creator>Matousek, Petr</creator><creator>Rysavy, Ondrej</creator><creator>Sveda, Miroslav</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>200803</creationdate><title>A Formal Model for Network-Wide Security Analysis</title><author>Rab, Jaroslav ; Matousek, Petr ; Rysavy, Ondrej ; Sveda, Miroslav</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i175t-51038f926e8a161debdf001279dd5a7ca38175c8eb8d048eec6da774cd9a31fe3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2008</creationdate><topic>Computer networks</topic><topic>Computer security</topic><topic>Condition monitoring</topic><topic>Conferences</topic><topic>dynamic routing protocols</topic><topic>formal verification</topic><topic>Information filtering</topic><topic>Information filters</topic><topic>netowrk design</topic><topic>network security</topic><topic>Network topology</topic><topic>packet filters</topic><topic>Reachability analysis</topic><topic>Routing protocols</topic><topic>Testing</topic><toplevel>online_resources</toplevel><creatorcontrib>Rab, Jaroslav</creatorcontrib><creatorcontrib>Matousek, Petr</creatorcontrib><creatorcontrib>Rysavy, Ondrej</creatorcontrib><creatorcontrib>Sveda, Miroslav</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Rab, Jaroslav</au><au>Matousek, Petr</au><au>Rysavy, Ondrej</au><au>Sveda, Miroslav</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>A Formal Model for Network-Wide Security Analysis</atitle><btitle>15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ecbs 2008)</btitle><stitle>ECBS</stitle><date>2008-03</date><risdate>2008</risdate><spage>171</spage><epage>181</epage><pages>171-181</pages><isbn>9780769531410</isbn><isbn>0769531415</isbn><abstract>Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic routing protocols in use. A unifying model based on packet-filters is employed for modelling of network behaviour. Over this graph model augmented with filtering rules over edges verification of reachability properties can be made. In our approach we also consider topology changes caused by dynamic routing protocols.</abstract><pub>IEEE</pub><doi>10.1109/ECBS.2008.13</doi><tpages>11</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISBN: 9780769531410
ispartof 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ecbs 2008), 2008, p.171-181
issn
language eng
recordid cdi_ieee_primary_4492398
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Computer networks
Computer security
Condition monitoring
Conferences
dynamic routing protocols
formal verification
Information filtering
Information filters
netowrk design
network security
Network topology
packet filters
Reachability analysis
Routing protocols
Testing
title A Formal Model for Network-Wide Security Analysis
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-11T08%3A04%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20Formal%20Model%20for%20Network-Wide%20Security%20Analysis&rft.btitle=15th%20Annual%20IEEE%20International%20Conference%20and%20Workshop%20on%20the%20Engineering%20of%20Computer%20Based%20Systems%20(ecbs%202008)&rft.au=Rab,%20Jaroslav&rft.date=2008-03&rft.spage=171&rft.epage=181&rft.pages=171-181&rft.isbn=9780769531410&rft.isbn_list=0769531415&rft_id=info:doi/10.1109/ECBS.2008.13&rft_dat=%3Cieee_6IE%3E4492398%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4492398&rfr_iscdi=true