18th Annual Computer Security Applications Conference
December 9-13, 2002
Las Vegas, Nevada

Representing TCP/IP Connectivity For Topological Analysis of Network Security

Ronald W Ritchey
Booz Allen Hamilton

Brian O'Berry and Steven Noel
George Mason University

The individual vulnerabilities of hosts on a network can be combined by an attacker to gain access that would not be possible if the hosts were not interconnected. Currently available tools report vulnerabilities in isolation and in the context of individual hosts in a network. Topological vulnerability analysis (TVA) extends this by searching for sequences of interdependent vulnerabilities, distributed among the various network hosts. Model checking has been applied to the analysis of this problem with some interesting initial results [9]. However this previous effort did not take into account a realistic representation of network connectivity. The simplified model used was enough to demonstrate the usefulness of the model checking approach but would not be sufficient to model real-world network security problems. This paper presents a refinement of the model to include representations of network connectivity at multiple levels of the TCP/IP stack. With this enhancement, it is possible to represent realistic networks including common network security devices such as firewalls, filtering routers, and switches.

Keywords: TVA network security TCP/IP Ethernet model topological vulnerability exploit

Read Paper Read Paper (in PDF)