A Model-Based Method for Security Configuration Verification

  • Hiroshi Sakaki
  • Kazuo Yanoo
  • Ryuichi Ogawa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4266)


Various kinds of access control mechanisms have been employed in today’s computer systems to protect confidential information. Since high expertise is required for the system configuration maintenance, detecting vulnerabilities due to configuration errors is a difficult task. In this paper, we propose a model-based configuration verification method that can find complex errors of two major access control mechanisms, network packet filtering and file access control. This method constructs an information flow model using the configurations of the two mechanisms and verifies whether the system is configured to suffice access policies defined by system administrators. Through the development of a prototype system and its experimental use, we confirmed that the proposed method could discover configuration errors of Web servers that might cause information leakage.


Access Control Information Leakage Access Policy Policy Editor Access Control Mechanism 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hosomi, H.S., Ogawa, R.: An Information Leakage Risk Evaluation Method Based on Sensitive Document Detection and Security Configuration Validation (2) Sensitive Document Detection with Text and Structure Analysis. In: The 67th National Convention of IPSJ (2005) (in Japanese)Google Scholar
  2. 2.
    Okajo, S., Matsuda, K., Ogawa, R.: A Policy Description Language for Policy-based Security Management. 2004-CSEC-027 2004(129) (December 2004) (in Japanese)Google Scholar
  3. 3.
    Nessus Vulnerability Scanner, http://www.nessus.org/
  4. 4.
  5. 5.
  6. 6.
    Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proceedings of the 1998 workshop on New security paradigms, pp. 71–79 (1998)Google Scholar
  7. 7.
    Ramakrishnan, C.R., Sekar, R.: Model-based Analysis of Configuration Vulnerabilities. Journal of Computer Security 10(1-2/2002), 189–209 (2003)Google Scholar
  8. 8.
    Cheung, S., Lindqvist, U., Fong, M.W.: Modeling Multistep Cyber Attacks for Scenario Recognition. In: Proceedings of the Third DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C, April 22–24, vol. I, pp. 284–292 (2003)Google Scholar
  9. 9.
    Bhatt, S., Horne, W., Pato, J., Rajagopalan, S.R., Rao, P.: Model-based validation of enterprise access policies, HPL-20050152(R.1) (2006)Google Scholar
  10. 10.
    Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL:A Logic-based Network Security Analyzer. In: 14th Usenix Security Symposium (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hiroshi Sakaki
    • 1
  • Kazuo Yanoo
    • 1
  • Ryuichi Ogawa
    • 1
  1. 1.Internet Systems Research LaboratoriesNEC CorporationKawasakiJapan

Personalised recommendations