Abstract
We present a logic-based framework to evaluate the resilience of computer networks in the face of incidents, i.e., attacks from malicious intruders as well as random faults. Our model combines a two-layered presentation of dependencies between files and services with timed games that represent not just incidents, but also the dynamic responses from administrators and their respective delays. We demonstrate that a variant TATL\(\Diamond\) of timed alternating-time temporal logic (TATL) is a convenient language to express several desirable properties of networks, including several forms of survivability. We illustrate this on a simple redundant Web service architecture, and show that checking such timed games against TATL\(\Diamond\) is EXPTIME-complete.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bursztein, E., Goubault-Larrecq, J. (2007). A Logical Framework for Evaluating Network Resilience Against Faults and Attacks. In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_20
DOI: https://doi.org/10.1007/978-3-540-76929-3_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76927-9
Online ISBN: 978-3-540-76929-3
eBook Packages: Computer Science, Computer Science (R0)