Using model checking to analyze network vulnerabilities
作者: R.W. Ritchey , P. Ammann
DOI: 10.1109/SECPRI.2000.848453
关键词: Software bug 、 Model checking 、 Computer security 、 Host (network) 、 Context (language use) 、 Exploit 、 Computer science 、 Network security 、 National security 、 Secure coding 、 Vulnerability 、 Test case
摘要: … address vulnerabilities in the context of a single host. In this paper we address vulnerabilities … We encode the vulnerabilities in a state machine description suitable for a model checker …
computer.org
acm.org
ieeecomputersociety.org参考文章(7)
Karl Levitt, Dan Zerkle, NetKuang: a multi-host configuration vulnerability checker usenix security symposium. pp. 20- 20 ,(1996)
J.R. Burch, E.M. Clarke, K.L. McMillan, D.L. Dill, L.J. Hwang, Symbolic model checking: 10/sup 20/ states and beyond logic in computer science. ,vol. 98, pp. 142- 170 ,(1990) , 10.1016/0890-5401(92)90017-A
G.J. Holzmann, The model checker SPIN formal methods in software practice. ,vol. 23, pp. 279- 295 ,(1997) , 10.1109/32.588521
A. Mayer, A. Wool, E. Ziskind, Fang: a firewall analysis engine ieee symposium on security and privacy. pp. 177- 187 ,(2000) , 10.1109/SECPRI.2000.848455
J.C. Mitchell, M. Mitchell, U. Stern, Automated analysis of cryptographic protocols using Mur/spl phi/ ieee symposium on security and privacy. pp. 141- 151 ,(1997) , 10.1109/SECPRI.1997.601329
Richard J. Anderson, Paul Beame, Steve Burns, William Chan, Francesmary Modugno, David Notkin, Jon D. Reese, Model checking large software specifications Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering - SIGSOFT '96. ,vol. 24, pp. 156- 166 ,(1996) , 10.1145/239098.239127
O. Grumberg, E. Clarke, D. Long, Model checking Proceedings of the NATO Advanced Study Institute on Deductive program design. pp. 305- 349 ,(1996)