Monday, January 14, 2008

PhD Thesis: A logic-programming approach to network security analysis

I have read this interesting PhD thesis called A logic-programming approach to network security analysis (2005) from Princeton University Computer Science Department. It is about modeling a network with respect to its security flaws. The model consists of logical statements written in Datalog that looks very similar to Prolog rules. The author captures the network topology, network and computer configurations and vulnerabilities in the model by analyzing a high-level security policy, the output from a scanner and firewall configurations.

From this model the author claims that he is able to do the following analysis (page 23):

  • checking network configurations against a high-level policy specification that captures data confidentiality and integrity,
  • hypothetical analysis that assumes various vulnerability situations, and
  • the generation of attack trees.


Term Papers said...

I have been visiting various blogs for my term papers writing research. I have found your blog to be quite useful. Keep updating your blog with valuable information... Regards

prolix said...

Really i am very impressed from this post.. just awesome...i haven’t any word to appreciate this post. Intrusion Detection