Formal proof of security algorithms based on reachability reduction

This work is motivated by the rapid increase in the number of attacks in computer networks and software engineering. In this paper we study identity snowball attacks and formally prove the correctness of suggested solutions to this type of attack (solutions that are based on graph reachability reduction) using a proof assistant. We propose a model of an attack graph that captures the technical information needed to compute reachability in the graph. The model has been implemented with the proof assistant PVS 6.0 (Prototype Verification System). It makes it possible to prove algorithms of reachability reduction such as Sparsest_cut.
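As an added illustration, not the paper's PVS development (which is not reproduced on this page), the Python sketch below shows the two things such a model has to capture: reachability over an attack graph whose edges mean "control of u yields control of v", and the reduction objective by which a candidate cut is judged (how many low-privilege start points still reach a high-value asset). The graph, the node names, the source and target sets, and the greedy single-edge scoring are all constructed for this example; the brute-force scoring is not the sparsest-cut algorithm the paper verifies.

```python
from collections import deque
from typing import Dict, Iterable, List, Optional, Set, Tuple

Edge = Tuple[str, str]
Graph = Dict[str, Set[str]]

# Constructed sample identity-snowball graph (not from the paper).
# An edge u -> v means: whoever controls u can obtain control of v,
# e.g. an account that is local admin on a machine, or a machine
# holding cached credentials of an account that logged on to it.
SAMPLE_EDGES: List[Edge] = [
    ("user:alice", "host:ws1"),       # alice is admin on her workstation
    ("user:bob", "host:ws2"),
    ("host:ws1", "user:helpdesk"),    # helpdesk account logged on to ws1
    ("host:ws2", "user:helpdesk"),
    ("user:helpdesk", "host:ws3"),    # helpdesk is admin on ws3
    ("host:ws3", "user:domadmin"),    # domain admin credentials cached on ws3
    ("user:domadmin", "host:dc1"),
]

SOURCES: Set[str] = {"user:alice", "user:bob"}      # low-privilege start points
TARGETS: Set[str] = {"user:domadmin", "host:dc1"}   # high-value assets


def build_graph(edges: Iterable[Edge]) -> Graph:
    """Adjacency sets; every endpoint gets an entry even with no out-edges."""
    graph: Graph = {}
    for u, v in edges:
        graph.setdefault(u, set()).add(v)
        graph.setdefault(v, set())
    return graph


def reachable(graph: Graph, start: str) -> Set[str]:
    """Breadth-first reachability; the start node counts as controlled."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def connected_pairs(graph: Graph, sources: Set[str], targets: Set[str]) -> int:
    """Reduction objective: number of (source, target) pairs still connected."""
    return sum(len(reachable(graph, s) & targets) for s in sources)


def without_edge(graph: Graph, edge: Edge) -> Graph:
    """Copy of the graph with one edge removed (the cut under evaluation)."""
    u, v = edge
    copy = {n: set(succ) for n, succ in graph.items()}
    copy.get(u, set()).discard(v)
    return copy


def best_edge_to_cut(graph: Graph, sources: Set[str],
                     targets: Set[str]) -> Tuple[Optional[Edge], int]:
    """Greedy, one-step scoring (constructed here, not the paper's algorithm):
    try every edge in deterministic order and keep the cut that leaves the
    fewest connected (source, target) pairs."""
    best_edge: Optional[Edge] = None
    best_count = connected_pairs(graph, sources, targets)
    for u in sorted(graph):
        for v in sorted(graph[u]):
            count = connected_pairs(without_edge(graph, (u, v)), sources, targets)
            if count < best_count:
                best_edge, best_count = (u, v), count
    return best_edge, best_count


if __name__ == "__main__":
    g = build_graph(SAMPLE_EDGES)
    print("connected pairs before cut:", connected_pairs(g, SOURCES, TARGETS))
    edge, remaining = best_edge_to_cut(g, SOURCES, TARGETS)
    print("best single edge to cut:", edge, "-> remaining pairs:", remaining)
```

In the constructed graph both low-privilege users snowball through the shared helpdesk account to the cached domain-admin credential, so four (source, target) pairs are connected; cutting the ws3 to domadmin edge (removing the cached credential) severs all of them. A proof-assistant model such as the paper's has to pin down exactly this reachability relation and the objective so that a cut algorithm's claimed reduction can be verified rather than measured on one example.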
