Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
MulVAL: A Logic-based Network Security Analyzer Xinming Ou Sudhakar Govindavajhala Andrew W. Appel
 

Summary: MulVAL: A Logic-based Network Security Analyzer
Xinming Ou Sudhakar Govindavajhala Andrew W. Appel
Princeton University
{xou, sudhakar, appel}@cs.princeton.edu
Abstract
To determine the security impact software vulnerabilities
have on a particular network, one must consider interac-
tions among multiple network elements. For a vulnera-
bility analysis tool to be useful in practice, two features
are crucial. First, the model used in the analysis must be
able to automatically integrate formal vulnerability spec-
ifications from the bug-reporting community. Second,
the analysis must be able to scale to networks with thou-
sands of machines.
We show how to achieve these two goals by present-
ing MulVAL, an end-to-end framework and reasoning
system that conducts multihost, multistage vulnerability
analysis on a network. MulVAL adopts Datalog as the
modeling language for the elements in the analysis (bug
specification, configuration description, reasoning rules,

  

Source: Appel, Andrew W. - Department of Computer Science, Princeton University

 

Collections: Computer Technologies and Information Sciences