Structuring a Vulnerability Description for Comprehensive Single System Security Analysis
نویسندگان
چکیده
The National Vulnerability Database (NVD) provides unstructured descriptions of computer security vulnerabilities. These descriptions do not directly provide the information necessary to formally analyze how the user’s and the attacker’s actions lead to the exploit. Moreover, the descriptions vary in how they describe the vulnerabilities. In this paper, we describe a system for automatically extracting cause and effect information from a set of vulnerabilities. The result is a structured data set of vulnerability descriptions with preand post-condition relationships. We evaluate the system by comparing the output with a manually constructed representation for security analysis called the Personalized Attack Graph (PAG).
منابع مشابه
Formal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
متن کاململزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملImproving SCADA Control Systems Security with Software Vulnerability Analysis
Cyber security threats and attacks are greatly affecting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. Despite growing awareness of security issues especially in SCADA networks, there exist little or scarce information about SCADA vulnerabilities and attacks. The emergence of Internet and World Wide Web...
متن کاملResearch on Security Evaluation of XML Communication Protocol
According to the problem in communication protocol security assessments, a new protocol security comprehensive evaluation method based on the threedimensional sphere model is presented. In this method, a three-dimensional security evaluation index system was built through positions of index on the external of spherical shell. Evaluation index weights of the top two levels were obtained through ...
متن کاملشناسایی و تحلیل تاثیر متغیرها و شاخصهای تابآوری: شواهدی از شمال و شمالشرقی تهران
Human communities are affected by hazards, disasters and catastrophic events throughout history, including natural disasters (such as: earthquakes, hurricanes, floods, tornadoes) man-made disasters (such as: nuclear accidents, explosions, socio or political crisis, economic disturbances). Therefore, catastrophic events can have human or natural causes. These conditions show that human communiti...
متن کامل