Mulval: A logic-based network security analyzer (2005)

by Xinming Ou, Sudhakar Govindavajhala
Venue: In 14th USENIX Security Symposium
Citations: 101 - 19 self

BibTeX

@INPROCEEDINGS{Ou05mulval:a,
    author = {Xinming Ou and Sudhakar Govindavajhala},
    title = {Mulval: A logic-based network security analyzer},
    booktitle = {In 14th USENIX Security Symposium},
    year = {2005},
    pages = {113--128}
}

Abstract

To determine the security impact software vulnerabilities have on a particular network, one must consider interactions among multiple network elements. For a vulnerability analysis tool to be useful in practice, two features are crucial. First, the model used in the analysis must be able to automatically integrate formal vulnerability specifications from the bug-reporting community. Second, the analysis must be able to scale to networks with thousands of machines. We show how to achieve these two goals by presenting MulVAL, an end-to-end framework and reasoning system that conducts multihost, multistage vulnerability analysis on a network. MulVAL adopts Datalog as the modeling language for the elements in the analysis (bug specification, configuration description, reasoning rules, operating-system permission and privilege model, etc.). We easily leverage existing vulnerability-database and scanning tools by expressing their output in Datalog and feeding it to our MulVAL reasoning engine. Once the information is collected, the analysis can be performed in seconds for networks with thousands of machines. We implemented our framework on the Red Hat Linux platform. Our framework can reason about 84% of the Red Hat bugs reported in OVAL, a formal vulnerability definition language. We tested our tool on a real network with hundreds of users. The tool detected a policy violation caused by software vulnerabilities and the system administrators took remediation measures.

Keyphrases

logic-based network security analyzer    bug-reporting community    modeling language    multistage vulnerability analysis    remediation measure    policy violation    red hat linux platform    formal vulnerability specification    software vulnerability    mulval reasoning engine    scanning tool    configuration description    particular network    red hat bug    security impact software vulnerability    formal vulnerability definition language    multiple network element    operating-system permission    vulnerability analysis tool    bug specification    real network    system administrator    end-to-end framework    privilege model   
