A global vulnerability is a set of vulnerabilities in one or several nodes of an ICT infrastructure. These vulnerabilities enable some attacks that may be sequentialized so that the privileges that each attack requires are acquired through the previous ones. Current vulnerability scanners cannot discover global vulnerabilities because they analyze each node in isolation, without correlating the vulnerabilities in the same or in distinct nodes. To discover global vulnerabilities, an analysis has to correlate node vulnerabilities according to the architecture and the topology of the infrastructure. After defining a formal analysis to discover global vulnerabilities and the corresponding attack sequences, we present GVScan, a tool to automate the analysis based upon a classification of vulnerabilities. A first application of GVScan to a real infrastructure is described together with an evaluation of its accuracy.
I. INTRODUCTION

To evaluate the security of an ICT infrastructure, we need to discover all its vulnerabilities and the attacks they enable. Currently, this analysis is supported by several tools that scan, i.e. analyze, a node to discover its local vulnerabilities and the elementary attacks they enable. However, these tools may miss some attacks because they do not correlate the vulnerabilities of distinct infrastructure nodes. Hence, they neglect that an intelligent threat agent may discover and implement a complex attack, i.e. a sequence of elementary attacks enabled by distinct local vulnerabilities in one or several nodes. A complex attack results in a privilege escalation where an agent uses the privileges acquired through an attack in the sequence to implement the following ones until acquiring all the privileges of interest. By properly exploiting interactions among nodes, an agent that owns some privileges on a node can implement a complex attack to acquire further privileges on a distinct node. A complex attack is enabled by a global vulnerability, i.e. by a set of local, correlated vulnerabilities. Each distinct elementary attack in the complex one is enabled by a subset of the vulnerabilities in the global one. This paper presents a formal analysis to correlate local, distinct vulnerabilities in one or several nodes based upon a formal classification of vulnerabilities. Then, it describes GVScan, the tool that automates this analysis to discover global vulnerabilities of an ICT infrastructure starting from the output of the scanning of each node. The paper is organized as follows. Sect. 2 briefly
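As an added illustration of the correlation step described above (example code, not GVScan's own), the following Python classifies each local vulnerability by the privilege it requires and the privilege it grants, then chains per-node scan findings according to a constructed topology; node names, vulnerability identifiers and privilege levels are all constructed.

```python
# Added example (not GVScan's code): correlating per-node scan findings into a
# global vulnerability. Topology, node names and vuln identifiers are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class LocalVuln:
    node: str            # node the scanner reported it on
    name: str            # constructed scanner identifier
    grants: str          # privilege level obtained on `node`
    remote: bool = True  # exploitable from any node that can connect to `node`
    needs_level: Optional[str] = None  # local vulns: level already held on `node`
# Constructed topology: node -> nodes it can open connections to.
TOPOLOGY = {"internet": {"web"}, "web": {"app"}, "app": {"db"}}

# Constructed scan output for the whole infrastructure; a privilege is (node, level).
SCAN = [
    LocalVuln("web", "WEB-01", "www"),
    LocalVuln("web", "WEB-02", "root", remote=False, needs_level="www"),
    LocalVuln("app", "APP-01", "svc"),
    LocalVuln("db", "DB-01", "dba"),
]

def enablers(v, held, topology):
    """Privileges in `held` that let an agent exploit `v`."""
    if v.remote:
        return [p for p in held if v.node in topology.get(p[0], ())]
    p = (v.node, v.needs_level)
    return [p] if p in held else []

def attack_sequence(vulns, topology, start, goal):
    """Fixed-point privilege escalation from `start`: the shortest chain of
    elementary attacks reaching `goal`, or None if the findings do not correlate."""
    chain = {start: []}  # privilege -> elementary attacks used to obtain it
    changed = True
    while changed and goal not in chain:
        changed = False
        for v in vulns:
            priv = (v.node, v.grants)
            pre = [] if priv in chain else enablers(v, chain, topology)
            if pre:  # extend the shortest enabling chain by this attack
                best = min(pre, key=lambda p: len(chain[p]))
                chain[priv] = chain[best] + [v.name]
                changed = True
    return chain.get(goal)

if __name__ == "__main__":
    print(attack_sequence(SCAN, TOPOLOGY, ("internet", "any"), ("db", "dba")))
    patched = [v for v in SCAN if v.name != "APP-01"]  # app tier fixed
    print(attack_sequence(patched, TOPOLOGY, ("internet", "any"), ("db", "dba")))
```

Run in isolation, each finding looks like a single local issue; only the correlation against the topology shows that the database finding is reachable, and that fixing the application-tier finding breaks the chain.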