Modelling and Analysing Network Security Policies in a Given Vulnerability Setting

  • Roland Rieke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4347)


The systematic protection of critical information infrastructures requires an analytical process to identify the critical components and their interplay, to determine the threats and vulnerabilities, to assess the risks and to prioritise countermeasures where risk is unacceptable. This paper presents an integrated framework for model-based symbolic interpretation, simulation and analysis with a comprehensive approach focussing on the validation of network security policies. A graph of all possible attack paths is automatically computed from the model of an ICT network, of vulnerabilities, exploits and an attacker strategy. Constraints on this graph are given by a model of the network security policy. The impact of changes to security policies can be computed and visualised by finding differences in the attack graphs. A unique feature of the presented approach is, that abstract representations of these graphs can be computed that allow comparison of focussed views on the behaviour of the system. This guides optimal adaptation of the security policy to the given vulnerability setting.


threats analysis attack simulation critical infrastructure protection network security policies risk assessment security modelling and simulation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Rieke, R.: Tool based formal Modelling, Analysis and Visualisation of Enterprise Network Vulnerabilities utilising Attack Graph Exploration. In: Gattiker, U.E. (ed.) Eicar 2004 Conference CD-rom: Best Paper Proceedings, Copenhagen, EICAR e.V (2004)Google Scholar
  2. 2.
    Phillips, C.A., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: NSPW 1998, Proceedings of the 1998 Workshop on New Security Paradigms, Charlottsville, VA, USA, September 22-25, pp. 71–79. ACM Press, New York (1998)CrossRefGoogle Scholar
  3. 3.
    Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: DARPA Information Survivability Conference and Exposition (DISCEX II 2001), Anaheim, California, June 12-14, vol. 2, pp. 1307–1321. IEEE Computer Society, Los Alamitos (2001)Google Scholar
  4. 4.
    Jha, S., Sheyner, O., Wing, J.M.: Two formal analyses of attack graphs. In: 15th IEEE Computer Security Foundations Workshop (CSFW-15 2002), Cape Breton, Nova Scotia, Canada, June 24-26, pp. 49–63. IEEE Computer Society, Los Alamitos (2002)CrossRefGoogle Scholar
  5. 5.
    Sheyner, O., Haines, J.W., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: 2002 IEEE Symposium on Security and Privacy, Berkeley, California, USA, May 12-15, pp. 273–284. IEEE Comp. Soc. Press, Los Alamitos (2002)CrossRefGoogle Scholar
  6. 6.
    Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM conference on Computer and communications security, pp. 217–224. ACM Press, New York (2002)CrossRefGoogle Scholar
  7. 7.
    Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: VizSEC/DMSEC 2004: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pp. 109–118. ACM Press, New York (2004)CrossRefGoogle Scholar
  8. 8.
    Noel, S., Jacobs, M., Kalapa, P., Jajodia, S.: Multiple Coordinated Views for Network Attack Graphs. In: IEEE Workshop on Visualization for Computer Security (VizSec 2005). IEEE Computer Society, Los Alamitos (2005)Google Scholar
  9. 9.
    Kotenko, I., Stepashkin, M.: Analyzing Network Security using Malefactor Action Graphs. International Journal of Computer Science and Network Security 6 (2006)Google Scholar
  10. 10.
    Morin, B., Mé, L., Debar, H., Ducassé, M.: M2d2: A formal data model for ids alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 115–137. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miège, A.: A formal approach to specify and deploy a network security policy. In: Second Workshop on Formal Aspects in Security and Trust (FAST) (2004)Google Scholar
  12. 12.
    Ochsenschläger, P., Repp, J., Rieke, R., Nitsche, U.: The SH-Verification Tool Abstraction-Based Verification of Co-operating Systems. Formal Aspects of Computing. The International Journal of Formal Method 11, 1–24 (1999)Google Scholar
  13. 13.
    Ochsenschläger, P., Repp, J., Rieke, R.: The SH-Verification Tool. In: Proc. 13th International FLorida Artificial Intelligence Research Society Conference (FLAIRS 2000), Orlando, FL, USA, pp. 18–22. AAAI Press, Menlo Park (2000)Google Scholar
  14. 14.
    Schiffmann, M.: A Complete Guide to the Common Vulnerability Scoring System (CVSS) (2005),
  15. 15.
    Ochsenschläger, P., Repp, J., Rieke, R.: Verification of Cooperating Systems – An Approach Based on Formal Languages. In: Proc. 13th International FLorida Artificial Intelligence Research Society Conference (FLAIRS 2000), Orlando, FL, USA, pp. 346–350. AAAI Press, Menlo Park (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Roland Rieke
    • 1
  1. 1.Fraunhofer Institute for Secure Information Technology SITDarmstadtGermany

Personalised recommendations