Hello,
I am looking for a theoretical models which can allow me to model
network security (just as we use ~rsndom graphs to model Internet
topology, I want to get a model where I could model basic security
stuff). I would be grateful for any info about such papers...
Regards, Mark
In article <1137018226.445074.254420@g14g2000cwa.googlegroups.com>,
mark
>I am looking for a theoretical models which can allow me to model
>network security (just as we use ~rsndom graphs to model Internet
>topology, I want to get a model where I could model basic security
>stuff). I would be grateful for any info about such papers...
It appears to me that you are using two different meanings for 'model'.
A "theoretical model" is a description of how something is postulated
to work, or of how it is postulated to be calculable, or of how
one could build a framework that would describe the item given
parameters.
To use random graphs to "model" internet topologies is to engage
in the simulation of the behaviour of a particular topology.
When you say that you want to "model network security", it isn't
clear whether you are trying to
a) find or construct a description of how network security generally works
(or can fail to work); or
b) find or construct a description of how network security works (or
doesn't) given particular parameters (e.g., think of applying queueing
theory to a particular situation); or
c) undertake simulations of some aspects of network security.
When the question was asked a few days ago, the respondants interpretted
"model" in the sense of descriptive frameworks, and referred off
to Orange Book and Common Criteria and similar.
Your reference to random graphs this time suggests you are thinking
along rather different lines.
What kind of simulation were you thinking of? Something along the
lines of "generate a random configuration of hosts and IPs and
connectivity, and routers and NAT devices and firewalls, and decide
whether that particular configuration has any security holes" ?
Firewall configures get big quickly, and the task becomes much
like the task of proving program correctness (because redirection or
looping of packets is legal... and necessary for e.g., proxy or
hub-and-spoke systems.)
Hello,
> It appears to me that you are using two different meanings for 'model'.
> A "theoretical model" is a description of how something is postulated
> to work, or of how it is postulated to be calculable, or of how
> one could build a framework that would describe the item given
> parameters.
Yes, that's what I understand as a model - just theoretical
(mathematical:)) model which describe the behaviour of the network
under attack (viruses, worms, spam). I just want to analyse it
theoretically and (later on) build some framework to simulate different
techniques of attacks and defense (or just measure the network state
while attacking).
Actually I am looking for a different approaches to such problems. I
found some papers describing it by using game theory, petri nets &
immunology systems. I want to make a better view on the whole problem,
so I am looking different models based on other assumptions :).
Regards, Mark