Thursday, January 17, 2008

Use Leopard OpenSnoop/DTrace for intrusion detection?

Leopard has this interesting program that let you see what files a program opens or tries to open:

Hidden Gems In Leopard: OpenSnoop - The Apple Blog

DTRace seems to be a good thing to use to monitor for possible intrusions.

Powered by ScribeFire.

Monday, January 14, 2008

PhD Thesis: A logic-programming approach to network security analysis

I have read this interesting PhD thesis called A logic-programming approach to network security analysis (2005) from Princeton University Computer Science Department. It is about modeling a network with respect to its security flaws. The model consists of logical statements written in Datalog that looks very similar to Prolog rules. The author captures the network topology, network and computer configurations and vulnerabilities in the model by analyzing a high-level security policy, the output from a scanner and firewall configurations.

From this model the author claims that he is able to do the following analysis (page 23):

  • checking network configurations against a high-level policy specification that captures data confidentiality and integrity,
  • hypothetical analysis that assumes various vulnerability situations, and
  • the generation of attack trees.