Abstract
Several efficient tools have emerged for auditing and measuring the security of a computer system or an internal network. As network attacks grow more complex, these tools become more and more complicated. Even so, most of them can only perform a simple snapshot analysis of the current system and are incapable of identifying possible attacks whose preconditions are not fulfilled at the beginning but may become fulfilled as the attack progresses. This paper proposes a new framework for security measurement that carries out complex attack sequences and performs stateful inspection of the target environment. The framework consists of five core components: Information Gatherer, Knowledge Base, Interaction Agent, Evaluation Engine and User Interface. An easy-to-use tool, called SNAPP, is realized based on the proposed framework. The dependencies among the attack steps in an attack sequence revealed by SNAPP can be easily expressed using Attack Graphs, which assist in making security evaluations of the testing environment. Several experiments that actually simulate and perform some well-known penetration attacks using SNAPP are presented and analyzed for comparison and measurement of current security methods, such as the conventional filtering-based firewalls and our patented Lock-Keeper technology, which is an implementation of the high-level security concept "Physical Separation".
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheng, F., Wolter, C., Meinel, C. (2008). A Simple, Smart and Extensible Framework for Network Security Measurement. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds) Information Security and Cryptology. Inscrypt 2007. Lecture Notes in Computer Science, vol 4990. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79499-8_41
DOI: https://doi.org/10.1007/978-3-540-79499-8_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79498-1
Online ISBN: 978-3-540-79499-8
eBook Packages: Computer Science, Computer Science (R0)