NSDF: a computer network system description framework and its application to network security

Cited by: 2
Authors
Estévez-Tapiador, JM [1]
García-Teodoro, P [1]
Díaz-Verdejo, JE [1]
Affiliations
[1] Univ Granada, Res Grp Signals Telemat & Commun, Dept Elect & Comp Technol, ETS Ingn Informat, E-18071 Granada, Spain
Source
COMPUTER NETWORKS-THE INTERNATIONAL JOURNAL OF COMPUTER AND TELECOMMUNICATIONS NETWORKING | 2003 / Vol. 43 / Issue 05
Keywords
computer network description; computer network security; intrusion detection; intrusion response; intrusion taxonomies;
DOI
10.1016/S1389-1286(03)00291-3
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
In this work a general framework, termed NSDF, for describing network systems is proposed. Basic elements of this scheme are entities and the relationships established between them. Both entities and relationships are the basis underlying the concept of system state. The dynamics of a network system can be conceived of as a trajectory in the state space. The term action is used to describe every event which can produce a transition from one state to another. These concepts (entity, relationship, state, and action) are enough to construct a model of the system. Evolution and dynamism are easily captured, and it is possible to monitor the behaviour of the system. With the aim of illustrating the use of the proposed framework, a network state description language derived from NSDF, termed RENDL, is also specified. An immediate application of this framework concerns the network security field. It is shown that concepts like security policing of the site, insecure states, intrusive activities and intrusion response mechanisms can be modelled well. Thus, some imprecise terms used in the security context can be expressed in a uniform, precise way within this framework. Formalizing the above concepts allows us to introduce a generic model to classify currently presented taxonomies related to intrusive activities in network systems. This provides a general context for a better understanding of security flaws and how to develop effective defenses. (C) 2003 Elsevier B.V. All rights reserved.
Pages: 573-600
Page count: 28