I have read this interesting PhD thesis called A logic-programming approach to network security analysis (2005) from Princeton University Computer Science Department. It is about modeling a network with respect to its security flaws. The model consists of logical statements written in Datalog that looks very similar to Prolog rules. The author captures the network topology, network and computer configurations and vulnerabilities in the model by analyzing a high-level security policy, the output from a scanner and firewall configurations.
From this model the author claims that he is able to do the following analysis (page 23):
- checking network configurations against a high-level policy specification that captures data confidentiality and integrity,
- hypothetical analysis that assumes various vulnerability situations, and
- the generation of attack trees.
