Network Vulnerability Analysis Through Vulnerability Take-Grant Model (VTG)

  • Hamid Reza Shahriari
  • Reza Sadoddin
  • Rasool Jalili
  • Reza Zakeri
  • Ali Reza Omidian
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3783)


Modeling and analyzing information system vulnerabilities helps us predict possible attacks on networks from network configuration and vulnerability information. In fact, exploiting most vulnerabilities results in the alteration of access rights. In this paper, we propose a new vulnerability analysis method based on the Take-Grant protection model. We extend the initial Take-Grant model to address the notion of vulnerabilities and introduce vulnerability rewriting rules that specify how exploiting vulnerabilities can change the protection state of the system. Our analysis is based on a bounded polynomial algorithm, which generates the closure of the Take-Grant graph with respect to vulnerabilities. The closure helps to verify whether any subject can obtain an access right over an object. The application of our results has been examined in a case study, which reveals how an attacker can gain an unauthorized access right by exploiting a chain of vulnerabilities.
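The closure idea in the abstract can be sketched as follows; this is an added example, not the paper's algorithm or rule set. It applies the classic take and grant rules plus one assumed vulnerability rule (a subject holding a given right over a vulnerable node gains another right over it); the node names, rights and sample network are constructed.

```python
# Added illustration, not the paper's algorithm: a fixed-point closure over a
# rights graph using the classic take and grant rules plus one ASSUMED
# vulnerability rule. All node names and the sample network are constructed.

def closure(subjects, edges, vulns):
    """edges: {(src, dst): rights}; vulns: {node: (needed, gained)} (hypothetical
    rule: a subject holding `needed` over a vulnerable node gains `gained`)."""
    g = {pair: set(rights) for pair, rights in edges.items()}
    nodes = {n for pair in g for n in pair}

    def add(src, dst, right):
        if src == dst or right in g.get((src, dst), ()):
            return False
        g.setdefault((src, dst), set()).add(right)
        return True

    changed = True
    while changed:  # terminates: rights are only added, and the set is finite
        changed = False
        for (x, y), rights in list(g.items()):
            if x not in subjects:  # only subjects can apply rules
                continue
            if y in vulns and vulns[y][0] in rights:
                changed |= add(x, y, vulns[y][1])
            for z in nodes - {x, y}:
                if "t" in rights:  # take: x copies y's rights over z
                    for r in list(g.get((y, z), ())):
                        changed |= add(x, z, r)
                if "g" in rights:  # grant: x gives y its own rights over z
                    for r in list(g.get((x, z), ())):
                        changed |= add(y, z, r)
    return g

def can_obtain(subjects, edges, vulns, subject, right, obj):
    return right in closure(subjects, edges, vulns).get((subject, obj), ())

SUBJECTS = {"attacker", "httpd", "admin_svc"}
EDGES = {
    ("attacker", "httpd"): {"x"},
    ("httpd", "db_file"): {"r"},
    ("httpd", "admin_svc"): {"x"},
    ("admin_svc", "config"): {"w"},
}
VULNS = {"httpd": ("x", "t"), "admin_svc": ("x", "t")}

if __name__ == "__main__":
    for patched in (None, "httpd", "admin_svc"):
        v = {n: rule for n, rule in VULNS.items() if n != patched}
        print(patched, can_obtain(SUBJECTS, EDGES, v, "attacker", "w", "config"))
```

Removing either entry from `VULNS` models patching that node; the closure then shows that the write right over `config` is reachable only when both hops of the chain remain exploitable.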





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Hamid Reza Shahriari (1)
  • Reza Sadoddin (1)
  • Rasool Jalili (1)
  • Reza Zakeri (1)
  • Ali Reza Omidian (1)

  1. Network Security Center, Department of Computer Engineering, Sharif University of Technology, Tehran, Iran
