Title :
GVScan: Scanning Networks for Global Vulnerabilities
Author :
Baiardi, Fabrizio ; Coro, Fabio ; Tonelli, Federico ; Guidi, Luca
Author_Institution :
Dept. of Comput. Sci., Univ. of Pisa, Pisa, Italy
Abstract :
A global vulnerability is a set of vulnerabilities in one or several nodes of an ICT infrastructure. These vulnerabilities enable some attacks that may be sequentialized so that the privileges that each attack requires are acquired through the previous ones. Current vulnerability scanners cannot discover global vulnerabilities because they analyze each node in isolation, without correlating the vulnerabilities in the same or in distinct nodes. To discover global vulnerabilities, an analysis has to correlate node vulnerabilities according to the architecture and the topology of the infrastructure. After defining a formal analysis to discover global vulnerabilities and the corresponding attack sequences, we present GVScan, a tool to automate the analysis based upon a classification of vulnerabilities. A first application of GVScan to a real infrastructure is described together with an evaluation of its accuracy.
Keywords :
pattern classification; security of data; GVScan; ICT infrastructure; attack sequences; formal analysis; global vulnerability; infrastructure architecture; infrastructure topology; network scanning; node vulnerabilities; vulnerabilities classification; vulnerability scanners; Complexity theory; Correlation; Electronic mail; Network topology; Security; Standards; Topology; Attack Chain; Privilege Escalation; Remote Attack; Risk Assessment; SCADA System; Vulnerability Assessment; Vulnerability Scanning;
Conference_Titel :
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location :
Regensburg
DOI :
10.1109/ARES.2013.88
