NSDF: a computer network system description framework and its application to network security

Authors:
Juan M. Estévez-Tapiador;Pedro García-Teodoro;Jesús E. Díaz-Verdejo
Affiliations:
Research Group on Signals, Telematics and Communications, Department of Electronics and Computer Technology, University of Granada, E.T.S. Ingeniería Informática, C/Daniel Saucedo Aranda ...;Research Group on Signals, Telematics and Communications, Department of Electronics and Computer Technology, University of Granada, E.T.S. Ingeniería Informática, C/Daniel Saucedo Aranda ...;Research Group on Signals, Telematics and Communications, Department of Electronics and Computer Technology, University of Granada, E.T.S. Ingeniería Informática, C/Daniel Saucedo Aranda ...
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2003

Citing 15
Cited 0

A relational approach to monitoring complex systems

ACM Transactions on Computer Systems (TOCS)
Protection imperfect: the security of some computing environments

ACM SIGOPS Operating Systems Review
Software testing techniques (2nd ed.)

Software testing techniques (2nd ed.)
Computer security basics

Computer security basics
Fundamentals of computer security technology

Fundamentals of computer security technology
A taxonomy of computer program security flaws

ACM Computing Surveys (CSUR)
Protection and security on the information superhighway

Protection and security on the information superhighway
Classification and detection of computer intrusions

Classification and detection of computer intrusions
An analysis of security incidents on the Internet 1989-1995

An analysis of security incidents on the Internet 1989-1995
Intrusion Detection

Intrusion Detection
The IEEE Standard Dictionary of Electrical and Electronics Terms

The IEEE Standard Dictionary of Electrical and Electronics Terms
The Open Modeling Language (Oml) Reference Manual

The Open Modeling Language (Oml) Reference Manual
ANML: A Language for Describing Networks

MASCOTS '01 Proceedings of the Ninth International Symposium in Modeling, Analysis and Simulation of Computer and Telecommunication Systems
How to Systematically Classify Computer Security Intrusions

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Intrusion damage control and assessment: a taxonomy and implementation of automated responses to intrusive behavior

Intrusion damage control and assessment: a taxonomy and implementation of automated responses to intrusive behavior

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work a general framework, termed NSDF, for describing network systems is proposed. Basic elements of this scheme are entities and the relationships established between them. Both entities and relationships are the basis underlying the concept of system state. The dynamics of a network system can be conceived of as a trajectory in the state space. The term action is used to describe every event which can produce a transition from one state to another.These concepts (entity, relationship, state, and action) are enough to construct a model of the system. Evolution and dynamism are easily captured, and it is possible to monitor the behaviour of the system. With the aim of illustrating the use of the proposed framework, a network state description language derived from NSDF, termed RENDL, is also specified.An immediate application of this framework concerns the network security field. It is shown that concepts like security policing of the site, insecure states, intrusive activities and intrusion response mechanisms can be modelled well. Thus, some imprecise terms used in the security context can be expressed in a uniform, precise way within this framework. Formalizing the above concepts allows us to introduce a generic model to classify currently presented taxonomies related to intrusive activities in network systems. This provides a general context for a better understanding of security flaws and how to develop effective defenses.