Vulnerability Metrics for Graph-based Configuration Security

Ibifubara Iganibo, Massimiliano Albanese, Marc Mosko, Eric Bier, Alejandro Brito

2021

Abstract

Vulnerability analysis has long been used to evaluate the security posture of a system, and vulnerability graphs have become an essential tool for modeling potential multi-step attacks and assessing a system's attack surface. More recently, vulnerability graphs have been adopted as part of a multi-faceted approach to configuration analysis and optimization that leverages relationships between the components, configuration parameters, and vulnerabilities of a complex system to improve its security while preserving functionality. However, this approach still lacks robust metrics to quantify several important aspects of the system being modeled. To address this limitation, we introduce metrics that enable practical and effective application of graph-based configuration analysis and optimization. Specifically, we define metrics to evaluate (i) the exploitation likelihood of a vulnerability, (ii) probability distributions over the edges of a vulnerability graph, and (iii) exposure factors of system components to vulnerabilities. Our approach builds upon standard vulnerability scoring systems, and we show that the proposed metrics can be easily extended. We evaluate our approach against the Common Weakness Scoring System (CWSS), showing a high degree of correlation between CWSS scores and our metrics.
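The three metric families named in the abstract can be made concrete on top of a standard scoring system. The following added example (written for this page, not code from the paper, and not the paper's actual metric definitions) uses the CVSS v3.1 base-metric weights and the exploitability and impact-subscore formulas from the CVSS v3.1 specification, then derives (i) a per-vulnerability exploitation likelihood by normalising the exploitability subscore against its maximum, (ii) a probability distribution over each node's outgoing edges proportional to those likelihoods, and (iii) a component exposure factor that combines the impact subscores of the vulnerabilities reaching the component with a noisy-OR. The normalisation and combination rules, the three-node graph, and the vector strings are assumptions constructed for illustration; the vectors are not real CVE entries.

```python
"""Added illustrative example: CVSS v3.1 subscores feeding three graph metrics.

Not the paper's own definitions. The metric weights and the exploitability /
impact formulas are from the CVSS v3.1 specification; the way they are
normalised and combined below (likelihood = exploitability relative to its
maximum, edge probabilities = likelihoods normalised per source node,
exposure = noisy-OR of impact subscores) is an assumption for this example.
"""
from collections import defaultdict

# CVSS v3.1 base-metric weights (from the specification).
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}

# Largest possible exploitability subscore (AV:N/AC:L/PR:N/UI:N), used to
# normalise exploitability into [0, 1] (assumption, not a CVSS definition).
MAX_EXPLOITABILITY = 8.22 * AV["N"] * AC["L"] * PR_UNCHANGED["N"] * UI["N"]


def parse_vector(vector: str) -> dict:
    """Parse a CVSS v3.1 vector string into a metric -> value dict."""
    prefix, *metrics = vector.split("/")
    if prefix != "CVSS:3.1":
        raise ValueError(f"unsupported vector prefix: {prefix}")
    m = dict(part.split(":", 1) for part in metrics)
    missing = {"AV", "AC", "PR", "UI", "S", "C", "I", "A"} - m.keys()
    if missing:
        raise ValueError(f"vector lacks base metrics: {sorted(missing)}")
    return m


def exploitability(m: dict) -> float:
    """CVSS v3.1 exploitability subscore: 8.22 x AV x AC x PR x UI."""
    pr = PR_CHANGED if m["S"] == "C" else PR_UNCHANGED
    return 8.22 * AV[m["AV"]] * AC[m["AC"]] * pr[m["PR"]] * UI[m["UI"]]


def impact_subscore(m: dict) -> float:
    """CVSS v3.1 ISS = 1 - (1-C)(1-I)(1-A); already lies in [0, 1]."""
    return 1.0 - (1.0 - CIA[m["C"]]) * (1.0 - CIA[m["I"]]) * (1.0 - CIA[m["A"]])


def exploitation_likelihood(m: dict) -> float:
    """(i) Likelihood: exploitability relative to its maximum (assumption)."""
    return exploitability(m) / MAX_EXPLOITABILITY


def edge_distribution(edges):
    """(ii) Per-source-node probability distribution over outgoing edges.

    edges: iterable of (src, dst, vector). Each outgoing edge of a node gets
    probability proportional to its vulnerability's likelihood (assumption).
    """
    by_src = defaultdict(list)
    for src, dst, vector in edges:
        by_src[src].append((dst, vector, exploitation_likelihood(parse_vector(vector))))
    dist = {}
    for src, out in by_src.items():
        total = sum(w for _, _, w in out)
        dist[src] = {(src, dst, vec): w / total for dst, vec, w in out}
    return dist


def exposure_factor(edges, component):
    """(iii) Exposure of a component to the vulnerabilities that reach it.

    Combines the impact subscores of all edges ending at `component` with a
    noisy-OR, so two partial impacts add up without exceeding 1 (assumption).
    """
    survive = 1.0
    for _, dst, vector in edges:
        if dst == component:
            survive *= 1.0 - impact_subscore(parse_vector(vector))
    return 1.0 - survive


# Constructed three-node vulnerability graph: an external attacker reaches the
# web tier through two hypothetical vulnerabilities and the database through a
# third. The vectors are illustrative, not real CVE entries.
GRAPH = [
    ("attacker", "web", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("attacker", "web", "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"),
    ("web", "db", "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"),
]

if __name__ == "__main__":
    for src, out in edge_distribution(GRAPH).items():
        for (_, dst, vec), p in out.items():
            print(f"{src} -> {dst}  p={p:.3f}  {vec}")
    for node in ("web", "db"):
        print(f"exposure({node}) = {exposure_factor(GRAPH, node):.3f}")
```

Keying the distribution by the full (src, dst, vector) triple matters: two different vulnerabilities can connect the same pair of nodes, and collapsing them onto (src, dst) would silently drop one of the edges. The noisy-OR in `exposure_factor` assumes the vulnerabilities reaching a component are independent, which is the usual simplification and should be stated when the numbers are reported.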

Paper Citation


in Harvard Style

Iganibo I., Albanese M., Mosko M., Bier E. and Brito A. (2021). Vulnerability Metrics for Graph-based Configuration Security. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 259-270. DOI: 10.5220/0010559402590270


in Bibtex Style

@conference{secrypt21,
author={Ibifubara Iganibo and Massimiliano Albanese and Marc Mosko and Eric Bier and Alejandro Brito},
title={Vulnerability Metrics for Graph-based Configuration Security},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={259-270},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010559402590270},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Vulnerability Metrics for Graph-based Configuration Security
SN - 978-989-758-524-1
AU - Iganibo I.
AU - Albanese M.
AU - Mosko M.
AU - Bier E.
AU - Brito A.
PY - 2021
SP - 259
EP - 270
DO - 10.5220/0010559402590270