Authors: Ibifubara Iganibo 1 ; Massimiliano Albanese 1 ; Marc Mosko 2 ; Eric Bier 2 and Alejandro E. Brito 2

Affiliations: 1 Center for Secure Information Systems, George Mason University, Fairfax, U.S.A. ; 2 Palo Alto Research Center, Palo Alto, U.S.A.

Keyword(s): Configuration Security, Vulnerability Analysis, Vulnerability Graphs, Metrics.

Abstract: Vulnerability analysis has long been used to evaluate the security posture of a system, and vulnerability graphs have become an essential tool for modeling potential multi-step attacks and assessing a system’s attack surface. More recently, vulnerability graphs have been adopted as part of a multi-faceted approach to configuration analysis and optimization that aims at leveraging relationships between the components, configuration parameters, and vulnerabilities of a complex system to improve its security while preserving functionality. However, this approach still lacks robust metrics to quantify several important aspects of the system being modeled. To address this limitation, we introduce metrics to enable practical and effective application of graph-based configuration analysis and optimization. Specifically, we define metrics to evaluate (i) the exploitation likelihood of a vulnerability, (ii) probability distributions over the edges of a vulnerability graph, and (iii) exposure factors of system components to vulnerabilities. Our approach builds upon standard vulnerability scoring systems, and we show that the proposed metrics can be easily extended. We evaluate our approach against the Common Weakness Scoring System (CWSS), showing a high degree of correlation between CWE scores and our metrics.

CC BY-NC-ND 4.0


Paper citation in several formats:
Iganibo, I.; Albanese, M.; Mosko, M.; Bier, E. and Brito, A. (2021). Vulnerability Metrics for Graph-based Configuration Security. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-524-1; ISSN 2184-7711, SciTePress, pages 259-270. DOI: 10.5220/0010559402590270

@conference{secrypt21,
author={Ibifubara Iganibo and Massimiliano Albanese and Marc Mosko and Eric Bier and Alejandro E. Brito},
title={Vulnerability Metrics for Graph-based Configuration Security},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT},
year={2021},
pages={259-270},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010559402590270},
isbn={978-989-758-524-1},
issn={2184-7711},
}

TY - CONF
JO - Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT
TI - Vulnerability Metrics for Graph-based Configuration Security
SN - 978-989-758-524-1
IS - 2184-7711
AU - Iganibo, I.
AU - Albanese, M.
AU - Mosko, M.
AU - Bier, E.
AU - Brito, A.
PY - 2021
SP - 259
EP - 270
DO - 10.5220/0010559402590270
PB - SciTePress