Title: Topological Vulnerability Analysis TVA
Topological Vulnerability Analysis (TVA)
2002 IEEE 18th Annual Computer Security Applications Conference
Outline
- What is TVA?
- Network Security Model in TVA
- Modeling Link Layer Security
- Modeling Network Transport Layer Security
- Modeling Application Layer Security
- Example
- Summary
What is Topological Vulnerability Analysis (TVA)?
- Analyzes a simplified network security model and determines whether the network security requirements are met.
- Uses a state-based model of network security (following the TCP/IP model) to discover attack paths.
TCP/IP Protocol Stack Model
Application Layer
Transport Layer
Network Layer
Link Layer
Network Security Model in TVA
- Network of hosts
- Connectivity of the hosts
- Exploits or attacks
- List of security requirements the model should attempt to validate
Network Security Model
- Network of hosts
  - Network services, components and configuration details that give rise to vulnerabilities
- Connectivity of the hosts
  - A simple Boolean matrix showing the relationship between each pair of hosts.
Network Security Model
- Exploits or attacks
  - Given the right circumstances, can cause changes to the state of the model.
- List of security requirements the model should attempt to validate
  - Represented by invariant statements about the security of particular hosts on the network
How to break into the network
- Know the vulnerabilities of the network.
- Be familiar with the network connectivity
- Know the user privileges
Modeling the layers' security
Application Layer
Transport Layer
Network Layer
Link Layer
Modeling Link Layer Security
- Communication can only occur between hosts located on the same network segment
- ARP is used to resolve addresses and thus identifies hosts that share a common network segment
Modeling Link Layer Security
- Packet sniffing
  - An activity through which a privileged user can eavesdrop on network traffic
  - Most network traffic is transmitted unencrypted
  - Authentication details can therefore be captured easily
Modeling Link Layer Security
- Hub
  - Re-broadcasts all received packets to every host
- Switch
  - Directs traffic only to the host specifically addressed in the link layer frame.
How TVA does the analysis
- Track link layer connectivity at the host level
- Distinguish which hosts have such connectivity and can sniff each other's traffic
- Label those hosts which can sniff the traffic of another host
- Label: LINK_(exploit program), e.g. LINK_ARP
How TVA does the analysis
Modeling the layers' security
Application Layer
Transport Layer
Network Layer
Link Layer
Modeling Network/Transport Layer Security
- Most network services communicate via a transport protocol, so their packets carry both network layer (IP) and transport layer (port) addresses
- Firewalls use these address details to decide whether traffic is allowed to pass between hosts.
- The connectivity is represented by a simple Boolean matrix.
- Label it as TRANS_(exploit program)
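The Boolean connectivity matrices that the link layer and network/transport layer slides describe, as an added example that is not code from the deck or from the cited papers: hosts, segments, the hub/switch assignment and the firewall policy are constructed sample data, the LINK_/TRANS_ labels and the Boolean-matrix representation follow the deck, and the function names are my own.

```python
"""Added example: deriving TVA-style per-layer connectivity labels.

Hosts, segments and firewall rules are constructed sample data (not from
the paper).  Labels follow the deck's naming: LINK_* for link layer
reachability and TRANS_* for network/transport layer reachability.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    segment: str  # the broadcast domain the host sits on
    ip: str


# Constructed sample network: two segments joined through a firewall.
HOSTS = [
    Host("attacker", "dmz", "10.0.1.10"),
    Host("web", "dmz", "10.0.1.20"),
    Host("db", "lan", "10.0.2.30"),
    Host("admin", "lan", "10.0.2.40"),
]

# Per-segment device: a hub repeats every frame to every port, a switch
# forwards a frame only to the host addressed in it.
SEGMENT_DEVICE = {"dmz": "hub", "lan": "switch"}

# Constructed firewall policy, first match wins, default deny:
# (source network, destination network, destination port or None for any, allow?)
FIREWALL_RULES = [
    ("10.0.1.0/24", "10.0.2.30", 3306, True),
    ("10.0.1.0/24", "10.0.2.0/24", None, False),
]


def _in_net(pattern, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def firewall_allows(src_ip, dst_ip, port):
    """Evaluate the first matching rule; anything unmatched is denied."""
    for src_pat, dst_pat, rule_port, allow in FIREWALL_RULES:
        if _in_net(src_pat, src_ip) and _in_net(dst_pat, dst_ip) and rule_port in (None, port):
            return allow
    return False


def link_matrix(hosts):
    """LINK_ connectivity: True for each ordered pair of distinct hosts on one segment.
    Stored sparsely as a dict keyed by (src, dst) rather than a 2-D array."""
    return {(a.name, b.name): a is not b and a.segment == b.segment
            for a in hosts for b in hosts}


def can_sniff(hosts, observer, victim):
    """LINK_ sniffing capability: the observer sees the victim's frames only when
    they share a segment and that segment is served by a hub."""
    by_name = {h.name: h for h in hosts}
    a, b = by_name[observer], by_name[victim]
    if a is b or a.segment != b.segment:
        return False
    return SEGMENT_DEVICE[a.segment] == "hub"


def trans_matrix(hosts, port):
    """TRANS_ connectivity for one service port: hosts on the same segment reach
    each other directly; across segments the firewall policy decides."""
    matrix = {}
    for a in hosts:
        for b in hosts:
            if a is b:
                matrix[(a.name, b.name)] = False
            elif a.segment == b.segment:
                matrix[(a.name, b.name)] = True
            else:
                matrix[(a.name, b.name)] = firewall_allows(a.ip, b.ip, port)
    return matrix


if __name__ == "__main__":
    for pair, ok in sorted(trans_matrix(HOSTS, 3306).items()):
        print("TRANS_3306", pair, ok)
```

The matrices are keyed by ordered (source, destination) pairs, so an asymmetric firewall rule produces an asymmetric matrix, which is exactly what a later exploit-path search needs to know.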
Modeling Network/Transport Layer Security
Figure: Example network with connectivity-limiting firewall
Modeling Network/Transport Layer Security
Figure: Example exploit path
Modeling the layers' security
Application Layer
Transport Layer
Network Layer
Link Layer
Modeling Application Layer Security
- Addresses all connectivity-related security issues.
- Label it as APP_(exploit program)
Figure: Example telnet exploit
Overall Example
Overall Example
Overall Example
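The overall example slides are figures. As an added illustration, not code from the deck or from the cited papers, the following toy search does what the TVA model is built for: the four model elements (hosts, per-layer connectivity labels, exploits that change the model state under the right circumstances, and an invariant stating a security requirement) are encoded with constructed sample data, and a breadth-first search over model states reports the exploit path that violates the invariant, or reports that the requirement holds. Host names, facts and exploit templates are constructed; only the LINK_/TRANS_/APP_ prefixes follow the deck.

```python
"""Added example: a small state-based attack-path search in the spirit of TVA.

Hosts, facts and exploit templates are constructed sample data, not the
paper's model.  A state is the set of facts currently true; an exploit
template, instantiated over (src, dst) hosts, fires when its preconditions
are in the state and adds its postconditions.  Facts are only ever added,
so the set of reachable states is finite and the search terminates.
"""
from collections import deque
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Tuple

Fact = Tuple[str, ...]


@dataclass(frozen=True)
class Exploit:
    name: str
    pre: Callable[[str, str], set]   # facts required, given (src, dst)
    post: Callable[[str, str], set]  # facts added, given (src, dst)
    local: bool = False              # local exploit: dst is always src


EXPLOITS = [
    # On a hub segment a host with user privilege can capture a neighbour's logins.
    Exploit("LINK_sniff_cred",
            lambda s, d: {("priv", s, "user"), ("LINK_sniff", s, d)},
            lambda s, d: {("cred", d)}),
    # Needs transport reachability to the target and a credential for it.
    Exploit("TRANS_telnet_login",
            lambda s, d: {("priv", s, "user"), ("TRANS_telnet", s, d), ("cred", d)},
            lambda s, d: {("priv", d, "user")}),
    # Constructed local privilege escalation on a host flagged as vulnerable.
    Exploit("APP_local_root",
            lambda s, d: {("priv", s, "user"), ("vuln", s, "setuid")},
            lambda s, d: {("priv", s, "root")},
            local=True),
    # Root on a host that stores another host's password learns that credential.
    Exploit("APP_read_stored_cred",
            lambda s, d: {("priv", s, "root"), ("stores_cred", s, d)},
            lambda s, d: {("cred", d)}),
]

HOSTS = ["attacker", "web", "db"]

# Constructed initial state: connectivity labels as a TVA model would hold
# them, plus the attacker's starting privilege and the known weaknesses.
INITIAL: FrozenSet[Fact] = frozenset({
    ("priv", "attacker", "user"),
    ("LINK_sniff", "attacker", "web"),    # shared hub segment
    ("TRANS_telnet", "attacker", "web"),  # same segment, no firewall in between
    ("TRANS_telnet", "web", "db"),        # firewall permits web -> db telnet
    ("vuln", "web", "setuid"),
    ("stores_cred", "web", "db"),
})


def violates(state: FrozenSet[Fact]) -> bool:
    """Security requirement as an invariant: no modeled path may yield user
    privilege on the db host."""
    return ("priv", "db", "user") in state


def find_attack_path(initial, exploits, hosts, invariant_violated) -> Optional[List[Tuple[str, str, str]]]:
    """Breadth-first search over model states.  Returns the shortest list of
    (exploit, src, dst) steps that breaks the invariant, or None when the
    requirement holds in every reachable state."""
    queue = deque([(initial, [])])
    seen = {initial}
    while queue:
        state, path = queue.popleft()
        if invariant_violated(state):
            return path
        for ex in exploits:
            for s in hosts:
                for d in ([s] if ex.local else hosts):
                    if ex.pre(s, d) <= state:
                        new_state = state | ex.post(s, d)
                        if new_state != state and new_state not in seen:
                            seen.add(new_state)
                            queue.append((new_state, path + [(ex.name, s, d)]))
    return None


if __name__ == "__main__":
    print(find_attack_path(INITIAL, EXPLOITS, HOSTS, violates))
```

Removing a single connectivity fact, for example the TRANS_telnet label from web to db that a stricter firewall rule would clear, makes the search return None, which is the model's way of saying the requirement now holds; that is the check a defender runs after each proposed change to the network.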
Summary
- TVA uses the TCP/IP model to track the possible attack paths.
- The network security model is made up of 4 major elements.
- Exploits are used to check the vulnerability of each connection
- Exploits do not decrease the vulnerability of the network but increase it instead.
- TVA models link layer security by labeling it with LINK_(exploit program)
- TVA models transport/network layer security by labeling it with TRANS_(exploit program)
- TVA models application layer security by labeling it with APP_(exploit program)
Questions?
END
Acknowledgement
- Ronald Ritchey, Brian O'Berry, Steven Noel -- Representing TCP/IP Connectivity for Topological Analysis of Network Security (George Mason University)
- Ronald W. Ritchey and Paul Ammann -- Using Model Checking to Analyze Network Security (2000 IEEE Symposium on Security and Privacy)