
Vulnerability take grant (VTG): an efficient approach to analyze network vulnerabilities

Shahriari, H. R ; Sharif University of Technology | 2007

  1. Type of Document: Article
  2. DOI: 10.1016/j.cose.2007.03.002
  3. Publisher: 2007
  4. Abstract:
  5. Modeling and analyzing information system vulnerabilities help predict possible attacks on computer networks using vulnerability information and the network configuration. In this paper, we propose a comprehensive approach to analyze network vulnerabilities in order to answer the safety problem focusing on vulnerabilities. The approach, called Vulnerability Take Grant (VTG), is a graph-based model consisting of subjects/objects as nodes and rights/relations as edges to represent the system protection state. Each node may have properties including single vulnerabilities such as buffer overflow. We use the new concept of vulnerability rewriting rule to specify the requirements and consequences of exploiting vulnerabilities. Analysis of the model is achieved using our bounded polynomial algorithm, which generates the most permissive graph in order to verify whether a subject can obtain an access right over an object. The algorithm also finds the likely attack scenarios. Applicability of the approach is investigated by modeling widespread vulnerabilities in their general patterns. A real network is modeled as a case study in order to examine how an attacker can gain unauthorized access via exploiting the chain of vulnerabilities. Our experience shows the efficiency, applicability, and expressiveness of our approach in modeling a broader range of vulnerabilities in comparison to previous approaches. © 2007 Elsevier Ltd. All rights reserved.
  6. Keywords:
  7. Multiphase attack analysis ; Safety problem ; Vulnerability analysis ; Vulnerability take grant (VTG) ; Access control ; Algorithms ; Graph theory ; Mathematical models ; Network security ; Problem solving ; Information systems
  8. Source: Computers and Security ; Volume 26, Issue 5, 2007, Pages 349-360 ; 01674048 (ISSN)
  9. URL: https://www.sciencedirect.com/science/article/pii/S0167404807000375?via%3Dihub