Result Details
An Approach for Automated Network-Wide Security Analysis
Ryšavý Ondřej, doc. Ing., Ph.D., DIFS (FIT)
Matoušek Petr, doc. Ing., Ph.D., M.A., DIFS (FIT)
Ráb Jaroslav, Ing., DIFS (FIT)
This paper deals with an approach to security analysis of TCP/IP-based computer networks. The method developed stems from a formal model of network topology with changing link states, and deploys bounded model checking of network security properties supported by SAT-based decision procedure. Its implementation should consist of a set of tools that can provide automatic analysis of router configurations, network topologies, and states with respect to checked properties. While this project aims at supporting a real practice, it stems from the previous, more theoretical research designing the method in detail including its formal background.
TCP/IP networks; changing network topology; network security analysis; bounded model-checking; SAT-based decision procedure
@inproceedings{BUT34733,
author="Miroslav {Švéda} and Ondřej {Ryšavý} and Petr {Matoušek} and Jaroslav {Ráb}",
title="An Approach for Automated Network-Wide Security Analysis",
booktitle="Proceedings of the Ninth International Conference on Networks ICN 2010",
year="2010",
pages="294--299",
publisher="IEEE Computer Society",
address="Les Menuires",
isbn="978-0-7695-3979-9",
url="https://www.fit.vut.cz/research/publication/9191/"
}Safety and security of networked embedded system applications, GACR, Standardní projekty, GA102/08/1429, start: 2008-01-01, end: 2010-12-31, completed
Secured, reliable and adaptive computer systems, BUT, Vnitřní projekty VUT, FIT-S-10-1, start: 2010-03-01, end: 2010-12-31, completed
Security-Oriented Research in Information Technology, MŠMT, Institucionální prostředky SR ČR (např. VZ, VC), MSM0021630528, start: 2007-01-01, end: 2013-12-31, running