Filters








28,230 Hits in 3.0 sec

Vulnerability scoring for security configuration settings

Karen Scarfone, Peter Mell
2008 Proceedings of the 4th ACM workshop on Quality of protection - QoP '08  
This paper describes our efforts to determine if CVSS could be adapted for use with a different type of vulnerability: security configuration settings.  ...  We also generated scores for 187 configuration settings to evaluate the new specification.  ...  We are also particularly thankful for the contributions of Chuck Wergin and Dan Walsh, the NVD analysts who scored the CCE entries during testing and reviewed several specification drafts.  ... 
doi:10.1145/1456362.1456365 dblp:conf/ccs/ScarfoneM08 fatcat:ctma7bj6fneczb5w4caevrhu2i

A moving target environment for computer configurations using Genetic Algorithms

Michael Crouse, Errin W. Fulp
2011 2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG)  
do not simultaneously share the same configuration and potential vulnerabilities.  ...  In the proposed approach a computer configuration is modeled as a chromosome, where an individual configuration setting is a trait or allele.  ...  Again, security will be measured as the number of vulnerabilities associated with a configuration and will be referred to as a vulnerability score; therefore a zero vulnerability score is desired.  ... 
doi:10.1109/safeconfig.2011.6111663 dblp:conf/safeconfig/CrouseF11 fatcat:ktcvji4vg5dt7csterc2u3xvfu

VEA-bility Security Metric: A Network Security Analysis Tool

Melanie Tupper, A. Nur Zincir-Heywood
2008 2008 Third International Conference on Availability, Reliability and Security  
An administrator can then use the VEA-bility scores of different configurations to configure a secure network.  ...  These tools are important to network administrators as they strive to provide secure, yet functional, network configurations.  ...  We would also like to thank the entire Tech Support team at Dalhousie University for their cooperation and assistance for the duration of this project.  ... 
doi:10.1109/ares.2008.138 dblp:conf/IEEEares/TupperZ08 fatcat:tm7w7qksfneuteyqbenqzzdeoa

Vulnerability Coverage as an Adequacy Testing Criterion [article]

Shuvalaxmi Dass, Akbar Siami Namin
2020 arXiv   pre-print
Certain settings and possible interactions between these parameters may harden (or soften) the security and robustness of these applications against some known vulnerabilities.  ...  vulnerabilities that match the generated vulnerability vectors and then test the system under test for those identified vulnerabilities.  ...  The score is modeled after the Common Vulnerability Scoring System (CVSS) vector and provides a method for measuring the security level of an individual configuration parameter setting.  ... 
arXiv:2006.08606v1 fatcat:umw7tnsglfeepkdaeepn3ayxjq

Vulnerability Coverage for Secure Configuration [article]

Shuvalaxmi Dass, Akbar Siami Namin
2020 arXiv   pre-print
The methodology utilizes the Common Vulnerability Scoring System (CVSS), a free and open industry standard for assessing the severity of computer system security vulnerabilities, as a fitness measure for  ...  The outcomes of these evolutionary algorithms are then evaluated in order to identify the vulnerabilities that match a class of vulnerability patterns for testing purposes.  ...  PSO implementation for secure pool configuration We compared the performance of GA in generating a set of best configurations with that of PSO. We implemented the PSO algorithm in Python 3.6.  ... 
arXiv:2006.08604v1 fatcat:y67cosfebvghrk2zuky6sd33iu

A concept of standard-based vulnerability management automation for IT systems

Rafał Kasprzyk, Artur Stachurski
2016 Computer Science and Mathematical Modelling  
SCAP offers a set of components which provide, among others, adjustable security checklists, standardised dictionaries of security vulnerabilities and vulnerability scoring methods that may prove valuable  ...  for organisations in terms of security analysis activities and quantitative risk assessment.  ...  Each SCAP component focuses on specific areas related to security issues and provides a standardized format for documenting system security settings and configuration mechanisms.  ... 
doi:10.5604/01.3001.0009.4500 fatcat:45prqjjrufhddpe7pbgxnyrq5q

Reinforcement Learning for Generating Secure Configurations

Shuvalaxmi Dass, Akbar Siami Namin
2021 Electronics  
Many security problems in software systems are because of vulnerabilities caused by improper configurations.  ...  of set of configurations generated.  ...  This approach leverages the AI capabilities through the application of RL in auto-tuning a vulnerable configuration setting to a secure one.  ... 
doi:10.3390/electronics10192392 fatcat:dahh2obzpffonn35vahvin7kmm

User-Centric Security Assessment of Software Configurations: A Case Study [chapter]

Hamza Ghani, Jesus Luna Garcia, Ivaylo Petkov, Neeraj Suri
2014 Lecture Notes in Computer Science  
impact associated with compromising the system's security goals and, (ii) a method to rank available configurations with respect to security.  ...  Software systems are invariably vulnerable to exploits, thus the need to assess their security in order to quantify the associated risk their usage entails.  ...  The authors would like to thank Marco Balduzzi, Jonas Zaddach, and especially Davide Balzarotti, Engin Kirda and Sergio Loureiro for sharing with us the Amazon data set for our experiments.  ... 
doi:10.1007/978-3-319-04897-0_13 fatcat:kcj6ccrofvekpbj2iusxmzpayu

Evolutionary based moving target cyber defense

David J. John, Robert W. Smith, William H. Turkett, Daniel A. Cañas, Errin W. Fulp
2014 Proceedings of the 2014 conference companion on Genetic and evolutionary computation companion - GECCO Comp '14  
fitness, but less diversity -PDM reduces the alternatives (bad settings) Configuration plot indicates diversity of the configurationsVulnerabilities plot indicates diversity of the vulnerabilities  ...  . -•-- No incidences does not necessarily indicate a secure configuration -New vulnerabilities will be discovered John, Smith, Turkett, Selection identifies parents for new chromosomes from current pool  ... 
doi:10.1145/2598394.2605437 dblp:conf/gecco/JohnSTCF14 fatcat:l5vv7rbujbdhzp3egnlk7wrbf4

An Implementation of an Vulnerability Management in Complex Networks and Defining Severity

Rikam Palkar, Swati Chopade
2018 International Journal of Scientific Research in Computer Sciences and Engineering  
Thus, this work presents a framework for vulnerability assessment, vulnerability analysis and vulnerability management in versatile technological networks  ...  In spite of this scope of uses and settings in which complex systems are utilized as models, examines propose that numerous genuine systems are represented by a comparable elements.  ...  This scan will be performed using the same vulnerability scanning tools and identical configuration settings as the initial scan.  ... 
doi:10.26438/ijsrcse/v6i3.3538 fatcat:tgvedt6phzbqron34zrw5sbqpu

Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting [article]

Erik Hemberg, Jonathan Kelly, Michal Shlapentokh-Rothman, Bryn Reinstadler, Katherine Xu, Nick Rutar, Una-May O'Reilly
2021 arXiv   pre-print
We identify attack patterns, tactics, and techniques that exploit these CVEs and also uncover a disparity in how much linked information exists for each of these CVEs.  ...  list (CAPEC), to gain further insight from alerts, threats and vulnerabilities.  ...  Vendors and Severity Scores We next consider the severity of Vulnerabilities of this set of vendors.  ... 
arXiv:2010.00533v2 fatcat:iwefhvph3rdajaf2buc6hirdju

Research on Vulnerability Identification and Quantitative Evaluation of Operating System

Li Hehua, Wu Chunling, Wei Wei, Ran Ran
2013 International Journal of Digital Content Technology and its Applications  
All kinds of computer operating system existing this or that kind of potential safety problems, become information system is not the root cause of security.  ...  This paper introduces the operating system vulnerability found that way, common vulnerability analysis technology and its development present situation, and the most widely used in the current Windows  ...  System security configuration check content Unsafe operating system settings is also operating system vulnerability is one of the main reasons, the vulnerability identification is, can pay attention to  ... 
doi:10.4156/jdcta.vol7.issue6.16 fatcat:7ye4iadbqbavrh446p2rc3ciyy

Designing and Implementing a Diversity Policy for Intrusion-Tolerant Systems

Seondong HEO, Soojin LEE, Bumsoon JANG, Hyunsoo YOON
2017 IEICE transactions on information and systems  
We implement this scheme with CSIM20, and simulation results prove that the proposed scheme is appropriate for a recovery-based intrusion tolerant architecture.  ...  In this study, we analyze software vulnerability data from the National Vulnerability Database (NVD).  ...  scoring system (CVSS) score, and security metrics.  ... 
doi:10.1587/transinf.2015edp7478 fatcat:lbbu4ixgjndtlntqqyaz7dozs4

An Evolutionary Strategy for Resilient Cyber Defense

Errin W. Fulp, H. Donald Gage, David J. John, Matthew R. McNiece, William H. Turkett, Xin Zhou
2015 2015 IEEE Global Communications Conference (GLOBECOM)  
a 0 -10 score Conclusions and Future Work • EAs provide a method for finding secure configuration settings -Relies on selection, crossover, and mutation • Interested in the resiliency of the approach  ...  and blue) each target 5 unique parameters -Parameters differed on the number of possible settings • Performance measured security provided and diversity -Scored parameters, zero if vulnerable or 100 if  ...  • At 3 rd phase, history-based mutation is able to quickly reestablish secure settings, similar for 4 th phase  ... 
doi:10.1109/glocom.2015.7417814 fatcat:archf3f6nnh33amelfozvous2i

A framework for measuring the vulnerability of hosts

Karen Scarfone, Tim Grance
2008 2008 1st International Conference on Information Technology  
This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks.  ...  The framework uses a highly automatable metrics-based approach, producing rapid and consistent measurements for quantitative risk assessment and for attack and vulnerability modeling.  ...  The framework also needs documentation of the security settings for each piece of software of interest and the settings' interdependencies.  ... 
doi:10.1109/inftech.2008.4621610 fatcat:c7rrmjm3bvhlbaawcw6yxyoxpy
« Previous Showing results 1 — 15 out of 28,230 results