Publication Details
An Approach for Automated Network-Wide Security Analysis
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
Ráb Jaroslav, Ing. (DIFS FIT BUT)
TCP/IP networks; changing network topology; network security analysis; bounded model-checking; SAT-based decision procedure
This paper deals with an approach to security analysis of TCP/IP-based computer networks. The method developed stems from a formal model of network topology with changing link states, and deploys bounded model checking of network security properties supported by SAT-based decision procedure. Its implementation should consist of a set of tools that can provide automatic analysis of router configurations, network topologies, and states with respect to checked properties. While this project aims at supporting a real practice, it stems from the previous, more theoretical research designing the method in detail including its formal background.
@INPROCEEDINGS{FITPUB9191,
author = "Miroslav \v{S}v\'{e}da and Ond\v{r}ej Ry\v{s}av\'{y} and Petr Matou\v{s}ek and Jaroslav R\'{a}b",
title = "An Approach for Automated Network-Wide Security Analysis",
pages = "294--299",
booktitle = "Proceedings of the Ninth International Conference on Networks ICN 2010",
year = 2010,
location = "Les Menuires, FR",
publisher = "IEEE Computer Society",
ISBN = "978-0-7695-3979-9",
language = "english",
url = "https://www.fit.vut.cz/research/publication/9191"
}