Vulnerability analysis is concerned with the problem of identifying weaknesses in computer systems that can be exploited to compromise their security. In this paper we describe a new approach to vulnerability analysis based on model checking. Our approach involves:

• Formal specification of desired security properties. An example of such a property is "no ordinary user can overwrite system log files".
• An abstract model of the system that captures its security-related behaviors. This model is obtained by composing models of system components such as the file system, privileged processes, etc.
• A verification procedure that checks whether the abstract model satisfies the security properties, and if not, produces execution sequences (also called exploit scenarios) that lead to a violation of these properties.

An important benefit of a model-based approach is that it can be used to detect known and as-yet-unknown vulnerabilities. This capability contrasts with previous approaches (such as those used in COPS and SATAN) which mainly address known vulnerabilities.

This paper demonstrates our approach by modelling a simplified version of a UNIX-based system, and analyzing this system using model-checking techniques to identify nontrivial vulnerabilities. A key contribution of this paper is to show that such an automated analysis is feasible in spite of the fact that the system models are infinite-state systems. Our techniques exploit some of the latest techniques in model-checking, such as constraint-based (implicit) representation of state-space, together with domain-specific optimizations that are appropriate in the context of vulnerability analysis.

Clearly, a realistic UNIX system is much more complex than the one that we have modelled in this paper. Nevertheless, we believe that our results show automated and systematic vulnerability analysis of realistic systems to be feasible in the near future, as model-checking techniques continue to improve.
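The three ingredients the abstract lists (a security property, a model composed from a file-system component and a privileged-process component, and a search that returns a violating execution sequence) can be seen in a small finite-state sketch. This is an added example, not the paper's model or tool: it uses plain explicit-state breadth-first search rather than the constraint-based technique the paper describes. The paths, the configuration keys and the link-following daemon are assumptions made for illustration.

```python
from collections import deque

# Constructed names for the toy model; neither path comes from the paper.
LOG, SPOOL = "/var/log/syslog", "/tmp/job.out"

def successors(state, cfg):
    """Yield (action label, next state) pairs; state = (links, tainted)."""
    links, tainted = state
    link_map = dict(links)
    # File-system component: an ordinary user may create a link at SPOOL only
    # if the directory is world-writable and nothing exists there yet.
    if cfg["dir_world_writable"] and SPOOL not in link_map and SPOOL not in tainted:
        yield "user: link SPOOL -> LOG", (links | {(SPOOL, LOG)}, tainted)
    # Privileged-process component: a root daemon writes user data to SPOOL.
    if SPOOL in link_map and not cfg["daemon_follows_links"]:
        return  # the open is refused, so no write happens
    target = link_map.get(SPOOL, SPOOL)
    if target not in tainted:
        yield "root: write user data via SPOOL", (links, tainted | {target})

def violates(state):
    """Security property: the log never holds user-controlled data."""
    return LOG in state[1]

def check(cfg):
    """Breadth-first search; returns the shortest violating trace or None."""
    start = (frozenset(), frozenset())
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        if violates(state):
            return trace
        for label, nxt in successors(state, cfg):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None

if __name__ == "__main__":
    for cfg in ({"dir_world_writable": True, "daemon_follows_links": True},
                {"dir_world_writable": True, "daemon_follows_links": False},
                {"dir_world_writable": False, "daemon_follows_links": True}):
        print(cfg, "->", check(cfg) or "property holds")
```

Only the first configuration yields a trace; changing either setting removes every path to a violating state, which is the kind of answer a configuration review needs from the model.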