|
|||||
|
|
Vulnerability analysis of networks to detect multiphase attacks using the actor-based language Rebeca |
|
| Authors: | Hamid Reza Shahriari [Author Vitae] Mohammad Sadegh Makarem [Author Vitae] Rasool Jalili [Author Vitae] |
| Affiliation: | a Department of Computer Engineering, Sharif University of Technology, Azadi Avenue, Tehran, Iran b Department of Electrical and Computer Engineering, University of Tehran, Kargar Street, Tehran, Iran c School of Computer Science, Institute for Studies in Theoretical Physics and Mathematics, Niavaran Square, Tehran, Iran |
| Abstract: | Increasing use of networks and their complexity make the task of security analysis more and more complicated. Accordingly, automatic verification approaches have received more attention recently. In this paper, we investigate applying of an actor-based language based on reactive objects for analyzing a network environment communicating via Transport Protocol Layer (TCP). The formal foundation of the language and available tools for model checking provide us with formal verification support. Having the model of a typical network including client and server, we show how an attacker may combine simple attacks to construct a complex multiphase attack. We use Rebeca language to model the network of hosts and its model checker to find counter-examples as violations of security of the system. Some simple attacks have been modeled in previous works in this area, here we detect these simple attacks in our model and then verify the model to find more complex attacks which may include simpler attacks as their steps. We choose Rebeca because of its powerful yet simple actor-based paradigm in modeling concurrent and distributed systems. As the real network environment is asynchronous and event-based, Rebeca can be utilized to specify and verify the asynchronous systems, including network protocols. |
| Keywords: | Security analysis Vulnerability analysis Actor Model checking Rebeca language |
| 本文献已被 ScienceDirect 等数据库收录! | |
