首页> 外文会议>Computer aided verification >Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems

【24h】

Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems

机译：使用参数化系统查找网络协议中的安全漏洞

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

This paper presents a novel approach to automatically finding security vulnerabilities in the routing protocol OSPF - the most widely used protocol for Internet routing. We start by modeling OSPF on (concrete) networks with a fixed number of routers in a specific topology. By using the model checking tool CBMC, we found several simple, previously unpublished attacks on OSPF. In order to search for attacks in a family of networks with varied sizes and topologies, we define the concept of an abstract network which represents such a family. The abstract network A has the property that if there is an attack on A then there is a corresponding attack on each of the (concrete) networks represented by A. The attacks we have found on abstract networks reveal security vulnerabilities in the OSPF protocol, which can harm routing in huge networks with complex topologies. Finding such attacks directly on the huge networks is practically impossible. Abstraction is therefore essential. Further, abstraction enables showing that the attacks are general. That is, they are applicable in a large (even infinite) number of networks. This indicates that the attacks exploit fundamental vulnerabilities, which are applicable to many configurations of the network.

机译：本文提出了一种新颖的方法，该方法可以自动找到路由协议OSPF（路由最广泛的Internet路由协议）中的安全漏洞。我们从在特定拓扑中使用固定数量的路由器在（具体）网络上对OSPF建模开始。通过使用模型检查工具CBMC，我们发现了针对OSPF的几种简单的，以前未发布的攻击。为了在具有不同大小和拓扑的网络家族中搜索攻击，我们定义了代表此类家族的抽象网络的概念。抽象网络A具有以下属性：如果对A进行了攻击，那么对以A表示的每个（具体）网络都将进行相应的攻击。我们在抽象网络上发现的攻击揭示了OSPF协议中的安全漏洞，会损害具有复杂拓扑的大型网络中的路由。在大型网络上直接发现此类攻击几乎是不可能的。因此，抽象是必不可少的。此外，抽象使得能够证明攻击是普遍的。也就是说，它们适用于大量（甚至无限）的网络。这表明攻击利用了基本漏洞，这些漏洞适用于网络的许多配置。

著录项

来源
《Computer aided verification》|2013年|724-739|共16页
会议地点 Saint Petersburg(RU)
作者
Adi Sosnovich; Orna Grumberg; Gabi Nakibly;
展开▼
作者单位

Computer Science Department, Technion, Haifa, Israel;

Computer Science Department, Technion, Haifa, Israel;

National EW Research and Simulation Center, Rafael, Haifa, Israel;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. Security protocols over open networks and distributed systems: formal methods for their analysis, design, and verification [J] . S. Grizalis, D. Spinellis, P. Georgiadis Computer Communications . 1999,第8期

机译：开放网络和分布式系统上的安全协议：用于分析，设计和验证的正式方法
2. Security and Vulnerability of SCADA Systems over IP-Based Wireless Sensor Networks [J] . HyungJunKim International Journal of Distributed Sensor Networks . 2012,第6期

机译：基于IP的无线传感器网络上SCADA系统的安全性和漏洞
3. Parameterized synthesis of self-stabilizing protocols in symmetric networks [J] . Mirzaie Nahal, Faghih Fathiyeh, Jacobs Swen, Acta Informatica . 2020,第1a2期

机译：对称网络中自稳定协议的参数化综合
4. Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems [C] . Adi Sosnovich, Orna Grumberg, Gabi Nakibly CAV 2013 . 2013

机译：使用参数化系统在网络协议中查找安全漏洞
5. Formal verification of parameterized protocols on branching networks. [D] . Jones, Michael David. 2001

机译：分支网络上参数化协议的形式验证。
6. Bluetooth Low Energy Mesh Networks: Survey of Communication and Security Protocols [O] . Muhammad Rizwan Ghori, Tat-Chee Wan, Gian Chand Sodhy 2020

机译：蓝牙低功耗网状网络：通信和安全协议概述
7. Security protocols over open networks and distributed systems: formal methods for their analysis, design, and verification [O] . S. Gritzalisa, D. Spinellisc, P. Georgiadisd 2014

机译：开放网络和分布式系统上的安全协议：用于分析，设计和验证的正式方法
8. Secure Data Network System (SDNS) Network, Transport, and Message Security Protocols [R] . Dinkel, C. 1990

机译：安全数据网络系统（sDNs）网络，传输和消息安全协议

Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems

摘要

著录项

相似文献

相关主题

期刊订阅