A Vulnerability Model Construction Method Based on Chemical Abstract Machine

Li, Xiang; Chen, Jinfu; Lin, Zhechao; Zhang, Lin; Wang, Zibin; Zhou, Minmin; Xie, Wanggen

doi:10.1007/s11859-018-1305-2

Cited by 3 publications

(1 citation statement)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Vulnerability Model. Model-based approaches are used to address the causes and characteristics of vulnerabilities, to detect them on code level [31], to predict them using a linear vulnerability model [2], or for testing [30]. Ontology.…”

Section: Related Workmentioning

confidence: 99%

Model-Based Evaluation of Vulnerabilities in Software Systems

Kenner

2020

Proceedings of the 24th ACM International Systems and Software Product Line Conference - Volume B

View full text Add to dashboard Cite

Vulnerabilities in software systems result from faults, which occur at different stages in a software's life cycle, for example, in the design (i.e., undesired feature-interactions), the development (i.e., buffer overflows), or the operation (i.e., configuration errors). Various databases provide detailed information about vulnerabilities in software systems or the way to exploit it, but face severe limitations. The information is scattered across these databases, fluctuates in quality and granularity, and provides only an insight into a single vulnerability per entry. Even for a single software system it is challenging for any security-related stakeholder to determine the threat level, which consists of all vulnerabilities of the software system and its environment (i.e., operating system). Manual vulnerability management is feasible only to a limited extend if we want to identify all configurations that are affected by vulnerabilities, or determine a system's threat level and the resulting risk we have to deal with. For variant-rich systems, we also have to deal with variability, allowing different stakeholders to understand the threats to their particular setup. To deal with this variability, we propose vulnerability feature models, which offer a homogeneous view on all vulnerabilities of a software system. These models and the resulting analyses offer advantages in many disciplines of the vulnerability management process. In this paper, we report the research plan for our project, in which we focus on the model-based evaluation of vulnerabilities. This includes research objectives that take into account the design of vulnerability feature models, their application in the process of vulnerability management, and the impact of evolution, discovery, and verification of vulnerabilities. CCS CONCEPTS • Security and privacy → Vulnerability management; • Software and its engineering → Software product lines.

show abstract

Section: Related Workmentioning

confidence: 99%

Model-Based Evaluation of Vulnerabilities in Software Systems

Kenner

2020

Proceedings of the 24th ACM International Systems and Software Product Line Conference - Volume B

View full text Add to dashboard Cite

show abstract

An Intelligent Communication Warning Vulnerability Detection Algorithm Based on IoT Technology

Mao¹,

Xu²,

Xu³

2019

IEEE Access

View full text Add to dashboard Cite

This paper mainly studies the vulnerability intelligent early warning technology in the IoT environment, and studies the network security assessment method based on the attack graph association analysis of the IoT environment, and analyzes the attack graph generation algorithm. Firstly, it uses the attack graph technology to establish a network security evaluation model based on the vulnerability association analysis in the IoT environment. The attack graph generation algorithm is improved. The key attack path of the attack graph in the IoT environment is searched according to the node weight value. The key attack path of the network attack graph is used to measure the whole network security, and the security under the IoT environment is given. The measurement calculation model is used to realize the quantitative analysis of the security status of the IoT environment by using the attack graph. Secondly, an intelligent early warning vulnerability detection algorithm based on the dynamic stain propagation model in the IoT environment is proposed, focusing on the introduction of stains and the inspection of stains. A static detection method for early warning vulnerabilities based on the counterexample of the IoT is proposed. Through the flow detection and context sensitive detection, a possible buffer early warning vulnerability is discovered. The driver crawler realizes automatic detection, and uses function hijacking to detect the execution of the stain data. In the experimental environment, compared with the existing tools, the experimental data shows that the algorithm improves the accuracy, recall rate and efficiency of the unfiltered vulnerability of intelligent early warning detection, and proves that the proposed algorithm can effectively detect the vulnerability. INDEX TERMS Security measurement calculation model, IoT, intelligent early warning, vulnerability mining detection.

show abstract