Abstract
Since many security incidents in networked computing infrastructures arise from inadequate technical management actions, we aim at a method that supports the formal analysis of the implications administration activities may have for system security. We apply the specification language cTLA, which supports the modular description of process systems and facilitates the construction of a modeling framework. The framework defines a generic modeling structure and provides reusable model elements. Because cTLA is grounded in Lamport's Temporal Logic of Actions (TLA), formal analysis can resort to symbolic reasoning; in addition, automated analysis can be applied. Here we focus on automated analysis. It is supported by the translation of cTLA specifications into suitable model descriptions for the model checking tool SPIN. We outline the methods and tools used, and report on the modeling and SPIN-based analysis of IP hijacking.
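As an added illustration, not the paper's own cTLA model and not a translation of it, the following Promela sketch shows the kind of model SPIN checks in such an analysis: a client with an ARP cache, a legitimate server, an attacker spoofing ARP replies, and an administrative action that un-pins the client's static entry. The host names, the topology, the single-entry cache and the property are assumptions of this example.

```promela
/* Added example (not from the paper): IP hijacking enabled by a
   management action, as a Promela model for SPIN.
   All names, the topology and the property are assumptions. */

#define SERVER_IP   1
#define SERVER_MAC  10
#define ATTACK_MAC  20
#define NONE        0

/* Client's ARP cache entry for SERVER_IP: resolved MAC or NONE. */
byte arp_mac      = SERVER_MAC;  /* statically configured entry   */
bool static_entry = true;        /* pinned: ARP replies are ignored */
byte last_dst_mac = NONE;        /* MAC the client last sent data to */

/* ARP replies on the client's segment: (ip, mac). */
chan arp_reply = [1] of { byte, byte };

/* Legitimate server answers for its own address. */
active proctype Server() {
    do
    :: arp_reply ! SERVER_IP, SERVER_MAC
    od
}

/* Attacker sends unsolicited replies claiming SERVER_IP. */
active proctype Attacker() {
    do
    :: arp_reply ! SERVER_IP, ATTACK_MAC
    od
}

/* Client: accepts replies into its cache only if the entry is not
   pinned, and sends data to whatever MAC it holds for SERVER_IP. */
active proctype Client() {
    byte ip, mac;
    do
    :: arp_reply ? ip, mac ->
        if
        :: ip == SERVER_IP && !static_entry -> arp_mac = mac
        :: else -> skip            /* pinned entry or foreign IP */
        fi
    :: arp_mac != NONE -> last_dst_mac = arp_mac   /* send data */
    od
}

/* Management action: the administrator un-pins the static entry
   (e.g. to prepare a server migration) and flushes the cache. */
active proctype Admin() {
    atomic { static_entry = false; arp_mac = NONE }
}

/* Safety property: client data never goes to the attacker's MAC. */
ltl no_hijack { [] (last_dst_mac != ATTACK_MAC) }
```

Running `spin -a hijack.pml && gcc -O2 -o pan pan.c && ./pan -a -N no_hijack` reports a violation, and `spin -t -p hijack.pml` replays the trail, which necessarily passes through the `Admin` step: before it, the pinned entry makes every spoofed reply a no-op. Deleting the `Admin` process makes `no_hijack` hold. The model is deliberately coarse (no ARP requests, timeouts or multiple entries); its point is that the truth of the property depends on the administrative action, which is what an analysis of management effects has to expose.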
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
Rothmaier, G., Pohl, A., Krumm, H. (2004). Analyzing Network Management Effects with SPIN and cTLA. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP — The International Federation for Information Processing, vol 147. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8143-X_5
DOI: https://doi.org/10.1007/1-4020-8143-X_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-8016-1
Online ISBN: 978-1-4020-8143-9