Detail publikace

An Approach for Automated Network-Wide Security Analysis

Originální název

An Approach for Automated Network-Wide Security Analysis

Anglický název

An Approach for Automated Network-Wide Security Analysis

Jazyk

en

Originální abstrakt

This paper deals with an approach to security analysis of TCP/IP-based computer networks. The method developed stems from a formal model of network topology with changing link states, and deploys bounded model checking of network security properties supported by SAT-based decision procedure. Its implementation should consist of a set of tools that can provide automatic analysis of router configurations, network topologies, and states with respect to checked properties. While this project aims at supporting a real practice, it stems from the previous, more theoretical research designing the method in detail including its formal background.

Anglický abstrakt

This paper deals with an approach to security analysis of TCP/IP-based computer networks. The method developed stems from a formal model of network topology with changing link states, and deploys bounded model checking of network security properties supported by SAT-based decision procedure. Its implementation should consist of a set of tools that can provide automatic analysis of router configurations, network topologies, and states with respect to checked properties. While this project aims at supporting a real practice, it stems from the previous, more theoretical research designing the method in detail including its formal background.

BibTex


@inproceedings{BUT34733,
  author="Miroslav {Švéda} and Ondřej {Ryšavý} and Petr {Matoušek} and Jaroslav {Ráb}",
  title="An Approach for Automated Network-Wide Security Analysis",
  annote="This paper deals with an approach to security analysis of TCP/IP-based computer
networks. The method developed stems from a formal model of network topology with
changing link states, and deploys bounded model checking of network security
properties supported by SAT-based decision procedure. Its implementation should
consist of a set of tools that can provide automatic analysis of router
configurations, network topologies, and states with respect to checked
properties. While this project aims at supporting a real practice, it stems from
the previous, more theoretical research designing the method in detail including
its formal background.",
  address="IEEE Computer Society",
  booktitle="Proceedings of the Ninth International Conference on Networks  ICN 2010",
  chapter="34733",
  edition="NEUVEDEN",
  howpublished="print",
  institution="IEEE Computer Society",
  year="2010",
  month="march",
  pages="294--299",
  publisher="IEEE Computer Society",
  type="conference paper"
}