A Formal Model for Network-Wide Security Analysis

Matoušek, Petr; Rab, Jaroslav; Ryšavý, Ondřej; Sveda, Miroslav

doi:10.1109/ecbs.2008.13

Cited by 31 publications

(12 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Second, probing is inaccurate, e.g., it cannot probe the open ports with no server listening on them. Due to these drawbacks of probing, many approaches were proposed to address the reachability problem [2], [11], [13], [18], [24], [26]. The main assumption in all these approaches is that the reachability restriction information of each network device and other configuration state are known to a central network analyst, who is quantifying the network reachability.…”

Section: B Limitation Of Prior Artmentioning

confidence: 99%

Privacy-preserving cross-domain network reachability quantification

Chen

Bezawada

Liu

2011

2011 19th IEEE International Conference on Network Protocols

View full text Add to dashboard Cite

Network reachability is one of the key factors for capturing end-to-end network behavior and detecting the violation of security policies. While quantifying network reachability within one administrative domain is already difficult, quantifying network reachability across multiple administrative domains is more difficult because the privacy of security policies becomes a serious concern and needs to be protected through this process. In this paper, we propose the first cross-domain privacy-preserving protocol for quantifying network reachability. Our protocol constructs equivalent representations of the Access Control List (ACL) rules and determines network reachability while preserving the privacy of the individual ACLs. This protocol can accurately determine the network reachability along a network path through different administrative domains. We have implemented and evaluated our protocol on both real and synthetic ACLs. The experimental results show that the online processing time of an ACL with thousands of rules is less than 25 seconds, the comparison time of two ACLs is less than 6 seconds, and the communication cost between two ACLs with thousands of rules is less than 2100 KB.

show abstract

Section: B Limitation Of Prior Artmentioning

confidence: 99%

Privacy-preserving cross-domain network reachability quantification

Chen

Bezawada

Liu

2011

2011 19th IEEE International Conference on Network Protocols

View full text Add to dashboard Cite

show abstract

“…As the number of states is exponential to the number of links, the model checking faces the state explosion problem. More details can be approached in the paper [14].…”

Section: Model-checking Of Security Propertiesmentioning

confidence: 99%

Cyber-physical systems networking with TCP/IP: A security application approach

Sveda

Vrba

2013

2013 Africon

Self Cite

View full text Add to dashboard Cite

This paper deals with an approach to security analysis of IP-based computer networks for cyber-physical applications. The method developed stems from a formal model of network topology with changing link states, and deploys bounded model checking of network security properties supported by SAT-based decision procedure. Its implementation consists of a set of tools that provide automatic analysis of router configurations, network topologies, and states with respect to checked properties.

show abstract

“…The first construction of dynamic provable data possession was proposed by Erway et al [15] which use pdp extended model to achieve the required possession of data. Data using rank-based authenticated skip lists is updated, compared with cloud storage and computation which may receive less attention now days.…”

Section: International Journal Of Computer Applications (0975 -8887)mentioning

confidence: 99%

Enterprise Cloud Storage and Computation Security

Yadav¹,

Sharma²,

Sharma³

2015

IJCA

View full text Add to dashboard Cite

Cloud computing acts as a computing paradigm that aims to provide huge amount of computing in a fully virtualized manner by aggregating resources and thus offering a single system view. Cloud Computing is also delivered as utility assuring customized and quality of service guaranteed computation environments for cloud users. While an enterprise organization is composed of different departments like finance, admin etc these departments are segregated as sub network zone which are thus interconnected via network. Securities are essential for authorization of storage and computing. In this paper we have proposed a privacy cheating discouragement and computation auditing approach that bridging secure storage and computation auditing in cloud. Privacy cheating discouragement is designated by verifier signature, batch verification and probabilistic sampling techniques.

show abstract

A Formal Model for Network-Wide Security Analysis

Cited by 31 publications

References 8 publications

Privacy-preserving cross-domain network reachability quantification

Privacy-preserving cross-domain network reachability quantification

Cyber-physical systems networking with TCP/IP: A security application approach

Enterprise Cloud Storage and Computation Security

Contact Info

Product

Resources

About