A Multi-View Tool for Checking the Security Semantics of Router Configurations

Holger Peine and Reinhard Schwarz
Fraunhofer IESE Research Institute

Routers are critical components of IP networks, but hardly any tool support for analyzing their security exists to date. We have developed such a tool, named CROCODILE, that tracks the security implications of related configuration directives that may be scattered all over the router's configuration, instead of analyzing only isolated configuration clauses like other tools do. Our tool offers several novel evaluation capabilities and presents its findings as a collection of multiview displays, enabling the user to focus on selected aspects, and to navigate deeper and deeper into specific details. We demonstrate the practical use of CROCODILE, and a comparison with the well-known RAT tool illustrates CROCODILE's remarkable capabilities.

Keywords: router security audit checker tool
