Topological Vulnerability Analysis (TVA) - PowerPoint PPT Presentation

Provided by: ooiseekan

1
Topological Vulnerability Analysis (TVA)
  • Ooi See Kang

2002 IEEE 18th Annual Computer Security
Applications Conference
2
Outline
  • What is TVA ?
  • Network Security Model in TVA
  • Modeling Link Layer Security
  • Modeling Network Transport Layer Security
  • Modeling Application Layer Security
  • Example
  • Summary

3
What is Topological Vulnerability Analysis (TVA)?
  • Analyzes a simplified model of a network's security and
    determines whether the network's security requirements
    are met.
  • Uses a state-based model of network security, layered on
    the TCP/IP model, to discover attack paths.

4
TCP/IP Protocol Stack Model
Application Layer
Transport Layer
Network Layer
Link Layer
5
Network Security Model in TVA
  • Network of hosts
  • Connectivity of the hosts
  • Exploits or attacks
  • List of security requirements the model should
    attempt to validate

6
Network Security Model
  • Network of hosts: the network services, components and
    configuration details that give rise to vulnerabilities.
  • Connectivity of the hosts: a simple Boolean matrix that
    records, for each pair of hosts, whether one can
    communicate with the other.

7
Network Security Model
  • Exploits or attacks: given the right circumstances, an
    exploit changes the state of the model.
  • List of security requirements the model should attempt
    to validate: represented by invariant statements about
    the security of particular hosts on the network.

8
What an attacker needs to break into the network
  • Knowledge of the network's vulnerabilities
  • Familiarity with the network connectivity
  • Knowledge of the user privileges on each host

9
Modeling the layers security
Application Layer
Transport Layer
Network Layer
Link Layer
10
Modeling Link Layer Security
  • Direct communication can only occur between hosts
    located on the same network segment.
  • ARP is used to resolve addresses and thus identifies the
    hosts that share a common network segment.

11
Modeling Link Layer Security
  • Packet sniffing: an activity through which a privileged
    user can eavesdrop on network traffic.
  • Most network traffic is transmitted unencrypted, so
    authentication details can be captured easily.

12
Modeling Link Layer Security
  • Hub: re-broadcasts every received packet to every host
    on the segment, so any host on it can sniff the others.
  • Switch: directs traffic only to the host specifically
    addressed in the link-layer frame.

13
How TVA does the analysis
  • Tracks link-layer connectivity at the host level.
  • Distinguishes which hosts have such connectivity with,
    and can sniff, each other.
  • Labels those hosts which can sniff the traffic of
    another host.
  • Label format: LINK_(exploit program), e.g. LINK_ARP

14
How TVA does the analysis
  • Example

15
Modeling the layers security
Application Layer
Transport Layer
Network Layer
Link Layer
16
Modeling Network/Transport Layer Security
  • Most network services communicate over a transport
    protocol, so their packets carry both a network-layer
    address (IP) and a transport-layer address (port).
  • Firewalls use these address details to decide whether
    traffic is allowed to pass between two hosts.
  • The resulting connectivity is represented by a simple
    Boolean matrix.
  • Label format: TRANS_(exploit program)
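
The link-layer and transport-layer modeling on slides 10 to 16 can be carried out mechanically. The following Python is an added example written for this page, not code from the slides or from the TVA authors; the four-host topology, the hub/switch assignment per segment and the firewall rules are constructed for illustration. It derives the LINK_ARP matrix from segment membership, a sniff matrix from whether a segment uses a hub or a switch, and one TRANS_<service> matrix per service from the firewall rules, all as the Boolean host-by-host matrices the slides describe.

```python
from typing import Dict

Matrix = Dict[str, Dict[str, bool]]

# Constructed topology: an assumption for this example, not the slides' network.
HOSTS = {
    "attacker": {"segment": "dmz",      "services": {}},
    "web":      {"segment": "dmz",      "services": {80: "http", 22: "ssh"}},
    "db":       {"segment": "internal", "services": {3306: "mysql", 23: "telnet"}},
    "admin":    {"segment": "internal", "services": {22: "ssh"}},
}
# Each segment is wired with either a hub or a switch.
SEGMENTS = {"dmz": "hub", "internal": "switch"}
# Firewall rules between segments: (src, dst, dst_port or None for any, action).
# src/dst may name a host or a segment. First match wins; unmatched traffic is denied.
FIREWALL = [
    ("web", "internal", 23, "allow"),       # only the web host may telnet inward
    ("dmz", "internal", 3306, "allow"),
    ("dmz", "internal", None, "deny"),
    ("internal", "dmz", None, "allow"),
]


def empty_matrix() -> Matrix:
    return {s: {d: False for d in HOSTS} for s in HOSTS}


def link_arp_matrix() -> Matrix:
    """LINK_ARP: link-layer connectivity. Two distinct hosts are connected
    iff they sit on the same segment, i.e. ARP can resolve the peer."""
    m = empty_matrix()
    for s in HOSTS:
        for d in HOSTS:
            m[s][d] = s != d and HOSTS[s]["segment"] == HOSTS[d]["segment"]
    return m


def sniff_matrix() -> Matrix:
    """sniff[s][d]: host s can passively read traffic addressed to host d.
    A hub repeats every frame to every port, so a host on a hub segment sees
    its neighbours' traffic; a switch delivers a frame only to the addressed
    host, so no passive sniffing of a neighbour is possible there."""
    link = link_arp_matrix()
    m = empty_matrix()
    for s in HOSTS:
        for d in HOSTS:
            m[s][d] = link[s][d] and SEGMENTS[HOSTS[s]["segment"]] == "hub"
    return m


def firewall_allows(src: str, dst: str, port: int) -> bool:
    """Does the firewall pass a packet from src to dst on the given dst port?
    Traffic within one segment never crosses the firewall."""
    sseg, dseg = HOSTS[src]["segment"], HOSTS[dst]["segment"]
    if sseg == dseg:
        return True
    for rule_src, rule_dst, rule_port, action in FIREWALL:
        if rule_src in (src, sseg) and rule_dst in (dst, dseg) and rule_port in (None, port):
            return action == "allow"
    return False  # default deny


def trans_matrix(service: str) -> Matrix:
    """TRANS_<service>: src can reach the service on dst iff dst actually runs
    it and the firewall passes packets to that port."""
    m = empty_matrix()
    for s in HOSTS:
        for d in HOSTS:
            ports = [p for p, name in HOSTS[d]["services"].items() if name == service]
            m[s][d] = s != d and any(firewall_allows(s, d, p) for p in ports)
    return m


def show(label: str, m: Matrix) -> str:
    """Render a matrix as the Boolean table the slides describe (1 = connected)."""
    names = list(HOSTS)
    rows = [label.ljust(12) + " ".join(n[:8].rjust(8) for n in names)]
    for s in names:
        rows.append(s.ljust(12) + " ".join(("1" if m[s][d] else ".").rjust(8) for d in names))
    return "\n".join(rows)


if __name__ == "__main__":
    print(show("LINK_ARP", link_arp_matrix()))
    print(show("sniff", sniff_matrix()))
    for svc in ("ssh", "mysql", "telnet"):
        print(show("TRANS_" + svc, trans_matrix(svc)))
```

Running it prints the matrices. Two things worth noticing in the output: the firewall blocks telnet from the attacker to db but passes mysql, and the hub in the DMZ lets the attacker sniff web's traffic even though the attacker has no direct reach into the internal segment. Those are exactly the per-layer facts the later exploit analysis consumes.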

17
Modeling Network/Transport Layer Security
  • Example

Figure: example network with a connectivity-limiting firewall
18
Modeling Network/Transport Layer Security
  • Example

Figure: example exploit path
19
Modeling the layers security
Application Layer
Transport Layer
Network Layer
Link Layer
20
Modeling Application Layer Security
  • Addresses the remaining connectivity-related security
    issues, those not captured at the link or transport layer.
  • Label format: APP_(exploit program)

Figure: example telnet exploit
21
Overall Example
22
Overall Example
23
Overall Example
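
Slides 5 to 7 define the model (hosts, connectivity, exploits that change the state, requirements stated as invariants), and the overall example is where the three layers are combined into an attack path. The following Python is an added example, not the slides' own analysis or the TVA authors' tool. It runs a monotonic forward search over a constructed state made of sniff-, TRANS- and APP-style facts, with three hypothetical exploits written as precondition/postcondition templates, and reports the exploit sequence that violates the invariant "the attacker never obtains a shell on db". All host names, facts and exploit names are assumptions for illustration.

```python
from itertools import product
from typing import Dict, List, Optional, Set, Tuple

Fact = Tuple[str, ...]


class Exploit:
    """Attack template. A single upper-case letter in a fact (S, D, X) is a host
    variable; the exploit fires for any binding that satisfies every
    precondition, adding its postconditions to the state."""

    def __init__(self, name: str, pre: List[Fact], post: List[Fact]):
        self.name, self.pre, self.post = name, pre, post
        self.vars: List[str] = []
        for fact in pre + post:
            for t in fact:
                if len(t) == 1 and t.isupper() and t not in self.vars:
                    self.vars.append(t)

    def bind(self, b: Dict[str, str], facts: List[Fact]) -> List[Fact]:
        return [tuple(b.get(t, t) for t in fact) for fact in facts]


HOSTS = ["attacker", "web", "db", "admin"]

# Constructed initial state (an assumption, not the slides' network): the
# attacker shares a hub segment with web, a firewall lets only mysql and
# web's telnet through to the internal segment, and web administers db over
# cleartext telnet. The connectivity facts play the role of the LINK/TRANS labels.
INITIAL: Set[Fact] = {
    ("priv", "attacker", "root"), ("priv", "attacker", "user"),
    ("sniff", "attacker", "web"),        # link layer: hub segment
    ("TRANS_ssh", "attacker", "web"),    # transport layer: reachable services
    ("TRANS_mysql", "attacker", "db"),
    ("TRANS_telnet", "web", "db"),
    ("TRANS_ssh", "admin", "web"),
    ("telnet_session", "web", "db"),     # cleartext login that can be observed
    ("weak_ssh_password", "web"),        # application-layer weakness
}

# Hypothetical exploits; names and conditions are assumptions for illustration.
EXPLOITS = [
    Exploit("ssh_password_guess",
            pre=[("priv", "S", "user"), ("TRANS_ssh", "S", "D"), ("weak_ssh_password", "D")],
            post=[("priv", "D", "user")]),
    Exploit("sniff_telnet_login",        # privileged user on S captures X's login to D
            pre=[("priv", "S", "root"), ("sniff", "S", "X"), ("telnet_session", "X", "D")],
            post=[("cred_telnet", "D")]),
    Exploit("telnet_login",
            pre=[("priv", "S", "user"), ("TRANS_telnet", "S", "D"), ("cred_telnet", "D")],
            post=[("priv", "D", "user")]),
]

# Security requirement as an invariant: the attacker never gets a shell on db.
REQUIREMENT: Fact = ("priv", "db", "user")


def analyze(initial: Set[Fact], exploits: List[Exploit], forbidden: Fact) -> Optional[List[str]]:
    """Monotonic forward search: exploits only ever add facts, so iterating to a
    fixed point covers every reachable state. Returns the attack path (exploit
    instances in dependency order) if the invariant can be violated, else None."""
    facts = set(initial)
    prov: Dict[Fact, Tuple[str, List[Fact]]] = {}  # derived fact -> (step, its preconditions)
    changed = True
    while changed:
        changed = False
        for ex in exploits:
            for hosts in product(HOSTS, repeat=len(ex.vars)):
                b = dict(zip(ex.vars, hosts))
                pre = ex.bind(b, ex.pre)
                if not all(p in facts for p in pre):
                    continue
                step = ex.name + "(" + ", ".join(f"{v}={h}" for v, h in b.items()) + ")"
                for fact in ex.bind(b, ex.post):
                    if fact not in facts:
                        facts.add(fact)
                        prov[fact] = (step, pre)
                        changed = True
    return _path_to(forbidden, prov, set(), []) if forbidden in facts else None


def _path_to(goal: Fact, prov, seen: Set[Fact], out: List[str]) -> List[str]:
    """Unwind provenance from the violated invariant, listing each exploit after
    the steps that established its preconditions."""
    if goal in prov and goal not in seen:
        seen.add(goal)
        step, pre = prov[goal]
        for p in pre:
            _path_to(p, prov, seen, out)
        if step not in out:
            out.append(step)
    return out


def attack_path() -> Optional[List[str]]:
    return analyze(INITIAL, EXPLOITS, REQUIREMENT)


if __name__ == "__main__":
    path = attack_path()
    print("invariant violated by:" if path else "invariant holds", *(path or []), sep="\n  ")
    # Countermeasure check: replace the DMZ hub with a switch, removing the sniff edge.
    print("after switching the DMZ:", analyze(INITIAL - {("sniff", "attacker", "web")}, EXPLOITS, REQUIREMENT))
```

Because exploits only add facts, the search reaches a fixed point that accounts for every reachable state, and the provenance recorded for each derived fact is unwound into the attack path: guess web's ssh password, sniff web's telnet login to db from the shared hub, then log in to db from web. Removing the single sniff edge (a switch instead of a hub in the DMZ) makes the invariant hold, which is how such a model is used to evaluate a countermeasure before deploying it.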
24
Summary
  • TVA uses the TCP/IP model to track the possible attack
    paths.
  • The network security model is made up of four major
    elements: hosts, connectivity, exploits and security
    requirements.
  • Exploits are used to check the vulnerability of each
    connection.
  • Exploits never decrease the vulnerability of the
    network; each successful exploit only increases it, since
    the attacker's capabilities only grow.
  • TVA models link-layer security by labelling it
    LINK_(exploit program).
  • TVA models transport/network-layer security by labelling
    it TRANS_(exploit program).
  • TVA models application-layer security by labelling it
    APP_(exploit program).

25
Questions?
26
END
27
Acknowledgement
  • Ronald Ritchey, Brian O'Berry and Steven Noel,
    "Representing TCP/IP Connectivity for Topological
    Analysis of Network Security" (George Mason University)
  • Ronald W. Ritchey and Paul Ammann, "Using Model Checking
    to Analyze Network Security" (2000 IEEE Symposium on
    Security and Privacy)