FORMAL ANALYSIS METHODS OF NETWORK SECURITY DESIGN

Mariusz Stawowski

2007

Abstract

An assessment of network security design correctness requires an analysis of many aspects, e.g. the correctness of security zones, the access control protection layers, and the tightness of protections against intrusions. Using formal methods based on graph theory in medium to large-scale networks can greatly speed up security analysis and improve its accuracy. The analysis models and methods described in this document allow quick identification of network security design errors resulting from breaking the “Compartmentalization of Information” and “Defense-in-Depth” security principles, checking whether the protections used allow for security incident handling, and verification of many other security aspects. The analysis methods developed here can be used during the network security design process and also for security assessment of existing computer information systems.



Paper Citation


in Harvard Style

Stawowski M. (2007). FORMAL ANALYSIS METHODS OF NETWORK SECURITY DESIGN. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 313-318. DOI: 10.5220/0002118903130318


in Bibtex Style

@conference{secrypt07,
author={Mariusz Stawowski},
title={FORMAL ANALYSIS METHODS OF NETWORK SECURITY DESIGN},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={313-318},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002118903130318},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - FORMAL ANALYSIS METHODS OF NETWORK SECURITY DESIGN
SN - 978-989-8111-12-8
AU - Stawowski M.
PY - 2007
SP - 313
EP - 318
DO - 10.5220/0002118903130318