
A Simple, Smart and Extensible Framework for Network Security Measurement

  • Conference paper
Information Security and Cryptology (Inscrypt 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4990)

Abstract

Several efficient tools have emerged for auditing and measuring the security of a computer system or an internal network. As network attacks grow more complex, these tools become more and more complicated. Even so, most of them can only perform a simple snapshot analysis of the current system and are incapable of identifying possible attacks whose preconditions are not fulfilled at the beginning but may become fulfilled as the attack progresses. This paper proposes a new framework for security measurement that carries out complex attack sequences and performs stateful inspection of the target environment. The framework consists of five core components: Information Gatherer, Knowledge Base, Interaction Agent, Evaluation Engine and User Interface. An easy-to-use tool, called SNAPP, is realized based on the proposed framework. The dependencies among the attack steps in an attack sequence revealed by SNAPP can be easily expressed using Attack Graphs, which assist in making security evaluations of the testing environment. Several experiments that actually simulate and perform some well-known penetration attacks using SNAPP are presented and analyzed for comparison and measurement of current security methods, such as the conventional filtering-based firewalls and our patented Lock-Keeper technology, which is an implementation of the high-level security concept "Physical Separation".

Editor information

Dingyi Pei, Moti Yung, Dongdai Lin, Chuankun Wu

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cheng, F., Wolter, C., Meinel, C. (2008). A Simple, Smart and Extensible Framework for Network Security Measurement. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds) Information Security and Cryptology. Inscrypt 2007. Lecture Notes in Computer Science, vol 4990. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79499-8_41

  • DOI: https://doi.org/10.1007/978-3-540-79499-8_41

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-79498-1

  • Online ISBN: 978-3-540-79499-8

  • eBook Packages: Computer Science, Computer Science (R0)
