MulVAL: a logic-based network security analyzer

Authors: Sudhakar Govindavajhala, Xinming Ou, Andrew W. Appel

Abstract: To determine the security impact software vulnerabilities have on a particular network, one must consider interactions among multiple network elements. For a vulnerability analysis tool to be useful in practice, two features are crucial. First, the model used in the analysis must be able to automatically integrate formal vulnerability specifications from the bug-reporting community. Second, the analysis must be able to scale to networks with thousands of machines. We show how to achieve these two goals by presenting MulVAL, an end-to-end framework and reasoning system that conducts multihost, multistage vulnerability analysis on a network. MulVAL adopts Datalog as the modeling language for the elements in the analysis (bug specification, configuration description, reasoning rules, operating-system permission and privilege model, etc.). We easily leverage existing vulnerability-database and scanning tools by expressing their output in Datalog and feeding it to our MulVAL reasoning engine. Once the information is collected, the analysis can be performed in seconds. We implemented our framework on the Red Hat Linux platform. Our framework can reason about 84% of the bugs reported in OVAL, a formal vulnerability definition language. We tested our tool on a real network with hundreds of users. The tool detected a policy violation caused by software vulnerabilities, and the administrators took remediation measures.
