Advertisement

Remodeling Vulnerability Information

  • Feng Cheng
  • Sebastian Roschke
  • Robert Schuppenies
  • Christoph Meinel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6151)

Abstract

This paper addresses the challenges to formally specify the vulnerability information and unify text-based vulnerability descriptions, which might be available in various commercial, governmental, or open source vulnerability databases, into a generic information model. Our motivation is to utilize the remodeled vulnerability data for automating the construction of attack graph, which has been recognized as an effective method for visualizing, analyzing, and measuring the security of complicated computer systems or networks. A formal data structure is proposed based on a comprehensive conceptual analysis on normal computer infrastructure and related vulnerabilities. The newly proposed vulnerability representation, which contains most of meaningful properties extracted from textual descriptions of actual vulnerability items, can be directly fed into the reasoning engine of attack graph tools. A lightweight information extraction mechanism is designed to automatically transform textual vulnerability descriptions into the proposed data structure. Several Reader and Writer plugins are implemented to enable the communication with known vulnerability repositories.

Keywords

System Property Network Address Attack Graph Path Canonicalization Vulnerability Information 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    CERT Vulnerability Analysis Blog, http://www.cert.org/blogs/vuls/ (accessed August 2009)
  2. 2.
    CVE Website, http://cve.mitre.org/ (accessed August 2009)
  3. 3.
    OVAL Website, http://oval.mitre.org/ (accessed August 2009)
  4. 4.
    Mell, P., Scarfone, K., Romanosky, S.: A Complete Guide to the Common Vulnerability Scoring System, Version 2.0. Technical Report, FIRST (June 2007)Google Scholar
  5. 5.
    Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format, Internet Draft. Technical Report, IETF Intrusion Detection Exchange Format Working Group (July 2004)Google Scholar
  6. 6.
    Martin, R.A.: Transformational Vulnerability Management Through Standards Technical Report, MITRE Corporation (May 2005)Google Scholar
  7. 7.
    Roschke, S., Cheng, F., Schuppenies, R., Meinel, C.: Towards Unifying Vulnerability Information for Attack Graph Construction. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 218–233. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Phillips, C., Swiler, L.P.: A Graph-based System for Network-Vulnerability Analysis. In: Proceedings of the 1998 Workshop on New Security Paradigms (NSPW 1998), pp. 71–79. ACM Press, New York (September 1998)CrossRefGoogle Scholar
  9. 9.
    Sheyner, O.M.: Scenario Graphs and Attack Graphs. PhD Thesis, CMU-CS-04-122, Carnegie Mellon University, USA (April 2004)Google Scholar
  10. 10.
    Jajodia, S., Noel, S.: Topological Vulnerability Analysis: A Powerful New Approach for Network Attack Prevention, Detection, and Response. In: Book Algorithms, Architectures, and Information Systems Security, pp. 285–306. World Scientific Press, Singapore (November 2008)CrossRefGoogle Scholar
  11. 11.
    Schneier, B.: Attack Trees: Modeling Security Threats. Journal Dr. Dobb’s Journal, http://www.ddj.com/architect/184411129 (December 1999)
  12. 12.
    Templeton, S.J., Levitt, K.: A Requires/Provides Model for Computer Attacks. In: Proceedings of the 2000 Workshop on New Security Paradigms (NSPW 2000), pp. 31–38. ACM Press, Ballycotton (September 2000)CrossRefGoogle Scholar
  13. 13.
    Cuppens, F., Ortalo, R.: LAMBDA: A Language to Model a Database for Detection of Attacks. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 197–216. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Hale, J., Tidwell, T., Larson, R., Fitch, K.: Modeling Internet Attacks. In: Proceedings of the 2001 IEEE Workshop on Information Assurance and Security (IAS 2000), pp. 54–59. IEEE Press, West Point (June 2001)Google Scholar
  15. 15.
    Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: A Logic-based Network Security Analyzer. In: Proceedings of the 14th Usenix Security Symposium (SSYM 2005), p. 8. USENIX Association, Berkeley (August 2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Feng Cheng
    • 1
  • Sebastian Roschke
    • 1
  • Robert Schuppenies
    • 1
  • Christoph Meinel
    • 1
  1. 1.Hasso Plattner Institute (HPI)University of PotsdamPotsdamGermany

Personalised recommendations