Formal reasoning about a specification-based intrusion detection for dynamic auto-configuration protocols in ad hoc networks

Authors:
Tao Song;Calvin Ko;Chinyang Henry Tseng;Poornima Balasubramanyam;Anant Chaudhary;Karl N. Levitt
Affiliations:
Computer Security Laboratory, University of California, Davis;Sparta Inc., Saratoga, CA;Computer Security Laboratory, University of California, Davis;Computer Security Laboratory, University of California, Davis;Computer Security Laboratory, University of California, Davis;Computer Security Laboratory, University of California, Davis
Venue:
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
Year:
2005

Citing 12
Cited 0

An introduction to Estelle: a specification language for distributed systems

Computer Networks and ISDN Systems - Special Issue: Protocol Specification and Testing
State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Computer-Aided Reasoning: An Approach

Computer-Aided Reasoning: An Approach
The Art and Science of Computer Security

The Art and Science of Computer Security
System Health and Intrusion Monitoring Using a Hierarchy of Constraints

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Proving Theorems About Java-Like Byte Code

Correct System Design, Recent Insight and Advances, (to Hans Langmaack on the occasion of his retirement from his professorship at the University of Kiel)
ACL2 Theorems About Commercial Microprocessors

FMCAD '96 Proceedings of the First International Conference on Formal Methods in Computer-Aided Design
Performance Modeling and Simulation of Dynamic and Rapid Auto-configuration Protocols for Ad-hoc Wireless Networks

ANSS '03 Proceedings of the 36th annual symposium on Simulation
Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A specification-based intrusion detection system for AODV

Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
A General Cooperative Intrusion Detection Architecture for MANETs

IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance

Quantified Score

Hi-index	0.00

Visualization

Abstract

As mobile ad hoc networks (MANETs) are increasingly deployed in critical environments, security becomes a paramount issue. The dynamic and decentralized nature of MANETs makes their protocols very vulnerable to attacks, for example, by malicious insiders, who can cause packets to be misrouted or cause other nodes to have improper configuration. This paper addresses security issues of auto-configuration protocols in ad hoc networks. Auto-configuration protocols enable nodes to obtain configuration information (e.g., an IP address) so that they can communicate with other nodes in the network. We describe a formal approach to modeling and reasoning about auto-configuration protocols to support the detection of malicious insider nodes. With respect to this family of protocols, our approach defines a global security requirement for a network that characterizes the "good" behavior of individual nodes to assure the global property. This behavior becomes local detection rules that define a distributed specification-based intrusion detection system aimed at detecting malicious insider nodes. We formally prove that the local detection rules (identifying activity that is monitored) together with “assumptions” that identify system properties which are not monitored imply the global security requirement. This approach, novel to the field of intrusion detection, can, in principle, yield an intrusion detection system that detects any attack, even unknown attacks, that can imperil the global security requirement.