nach oben

Information Systems Frontiers

Erschienen in:

01.11.2008

An OVAL-based active vulnerability assessment system for enterprise computer networks

verfasst von: Xiuzhen Chen, Qinghua Zheng, Xiaohong Guan

Erschienen in: Information Systems Frontiers | Ausgabe 5/2008

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter the issues of high false positive rates, long computational time, and requirement of developing attack codes. Moreover, they are only capable of locating individual vulnerabilities on a single host without considering correlated effect of these vulnerabilities on a host or a section of network with the vulnerabilities possibly distributed among different hosts. To address these issues, an active vulnerability assessment system NetScope with C/S architecture is developed for evaluating computer network security based on open vulnerability assessment language instead of simulating attacks. The vulnerabilities and known attacks with their prerequisites and consequences are modeled based on predicate logic theory and are correlated so as to automatically construct potential attack paths with strong operation power of relational database management system. The testing results from a series of experiments show that this system has the advantages of a low false positive rate, short running periods, and little impact on the performance of audited systems and good scalability. The security vulnerabilities, undetectable if assessed individually in a network, are discovered without the need to simulate attacks. It is shown that the NetScope system is well suited for vulnerability assessment of large-scale computer networks such as campus networks and enterprise networks. Moreover, it can also be easily integrated with other security tools based on relational databases.

Vorheriger Artikel A literature review of electronic marketplace research: Themes, theories and an integrative framework

Nächster Artikel Parameter mapping and data transformation for engineering application integration

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Ammann, P., Wijesekera, D., & Kaushik, S. (2002). Scalable, graph-based network vulnerability analysis. Proceedings of 9th ACM Conference on Computer and Communication Security, Washington, D.C., USA.

Baldwin, R. (1994). Kuang: Rule based security checking. Cambridge: MIT Technical Report, MIT Lab for Computer Science, Programming Systems Research Group.

CERT Coordination Center (2006). CERT/CC statistics 1988–2004. Pittsburgh: CERT Coordination Center accessed September 24, 2006, from http://www.cert.org/stats/cert_stats.html.

Deraison, R., Gula, R., & Hayton, T. (2005). Passive vulnerability scanning: Introduction to NeVO. Accessed June 10, 2005, http://www.tenablesecurity.com/white_papers/passive_scanning_tenable.pdf.

Farmer, D., & Spafford, E. H. (1991). The cops security checker system. West Lafayette: Purdue University Technical report, CSD-TR-993.

Fithen, W. L., Hernan, S. V., O’Rourke, P. F., et al. (2004). Formal modeling of vulnerabilities. Bell Labs Technical Journal, 8(4), 173–186.CrossRef

Geng, S., Qu, W., & Zhang, L. (2001). Discrete mathematics pp. 34–56. Beijing: Tsinghua University Press.

Help and Support Home, Microsoft (2004). Microsoft baseline security analyzer (MBSA) version 1.2.1 is available. Accessed October 6, 2004, from http://support.microsoft.com/kb/320454/en-us.

Hsu, C., & Wallace, W. (2007). An industrial network flow information integration model for supply chain management and intelligent transportation. Enterprise Information Systems, 1(3), 327–351.CrossRef

International Institute of Standards and Technology (2004). ICAT metabase-your CVE vulnerability search engine. Accessed June 10, 2004, from http://icat.nist.gov/.

Internet Security Systemsä (2005). Vulnerability assessment. Accessed March 10, 2005, from http://www.iss.net/find_products/vulnerability_assessment.php.

Jajodia, S., Noel, S., & O’Berry, B. (2003). Topological analysis of network attack vulnerability. Managing cyber threats: Issues, approaches and challenges, chapter 5. Norwell: Kluwer Academic.

Kotenko, I. (2003). Active vulnerability assessment of computer networks by simulation of complex remote attacks. International Conference on Computer Networks and Mobile Computing, pp. 40–47, October 20–23, Shanghai, China.

Li, T., Feng, S., & Li, L. (2001). Information visualization for intelligent decision support systems. Knowledge-Based Systems, 14(5–6), 259–262.CrossRef

Martin, R. A. (2003). Integrating your information security vulnerability management capabilities through industry standards (CVE & OVAL). IEEE International Conference on Systems, Man and Cybernetics, 2, 1528–1533, October 5–8.

McAfee (2003). CyberCop AsaP. Accessed May 10, 2003, from http://www.mcafeeasap.com/intl/EN/content/cybercop_asap/default.asp.

Microsoft Corporation (2004). List of issues that are fixed in Internet Explorer 6 service packs. Retrieved September 16, 2004, from http://support.microsoft.com/default.aspx?scid=kb;en-us;326489.

Mitre Corporation. (2005). Download the definition interpreter. Accessed January 10, 2005, from http://oval.mitre.org/oval/download/interpreter.html.

Mitre Corporation (2006). OVAL-ID: OVAL199. Accessed July 6, 2006, from http://oval.mitre.org/oval/definitions/sql/OVAL199.html.

Nessus Project (2004). Nessus. Accessed June 20, 2004, from http://www.nessus.org/intro.html.

Ning, P., & Cui, Y. (2002). An intrusion alert correlator based on prerequisites of intrusions. Raleigh: North Carolina State University Technical Report, TR-2002-01, Department of Computer Science.

Ou, X, Govindavajhala, S., & Appel, A. W. (2005). Policy-based multihost, multistage vulnerability analysis. Accessed March 12, 2005, from http://www.cs.princeton.edu/~xou/ publications/ou05.pdf.

Phillips, C., & Swiler, L. P. (1998). A graph-based system for network-vulnerability analysis. NSPW ’98: Proceedings of the 1998 workshop on new security paradigms pp. 71–79. New York: ACM.

Ramakrishnan, C. R., & Sekar, R. (2002). Model-based analysis of configuration vulnerabilities. Journal of Computer Security, 10(1), 189–209.

Ritchey, R., & Ammann, P. (2000). Using model checking to analyze network vulnerabilities. Proceedings of IEEE Symposium on Security and Privacy pp. 156–165. Oakland: IEEE.

Ritchey, R., Berry, B., & Noel, S. (2002). Representing TCP/IP connectivity for topological analysis of network security. The 18th Annual Computer Security Applications Conference, December 9–13,San Diego, CA, USA.

Russell, S., & Norvig, P. (2004). Artificial intelligence: a modern approach pp. 185–200. Upper Saddle River: Pearson Education.

Sheyner, O., Haines, J., Jha, S., et al. (2002). Automated generation and analysis of attack graphs (pp. 254–265). Proceedings of IEEE Symposium on Security and Privacy, May 12–15, Berkeley, CA, USA.

Sourcefire (2003). Snort rule search. Accessed July 6, 2003, from http://www.snort.org/pub-bin/sigs-search. cgi?cve=.

Swiler, L. P., Phillips, C., Ellis, D., et al. (2001). Computer-attack graph generation tool. DARPA Information Survivability Conference and Exposition (DISCEX II’01), 2, 307–321 Anaheim, CA, USA.CrossRef

Templeton, S. J., & Levitt, K. (2000). A requires/provides model for computer attacks (pp. 31–38). Proceedings of the 2000 Workshop On New Security Paradigms, Cork Ireland.

Tripunitara, M. V., Dutta, P., & Spafford, G. (2002). Security assessment of IP-based networks: A holistic approach. Accessed January 19, 2002, from http://www.cerias.purdue.edu/coast/papers /99–02.pdf.

Wojcik, M., Bergeron, T., Wittbold, T., et al. (2005). Introduction to OVAL: A new language to determine the presence of software vulnerabilities. Accessed July 10, 2005, from http://oval.miter.org/documents/doc-03/intro/ intro.html.

Zerkle, D., & Levitt, K. (1996). Netkuang—a multi-host configuration vulnerability checker. Proceedings of the 6th USENIX Security Symposium, San Jose, California, USA.

Titel: An OVAL-based active vulnerability assessment system for enterprise computer networks
verfasst von: Xiuzhen Chen
Qinghua Zheng
Xiaohong Guan
Publikationsdatum: 01.11.2008
Verlag: Springer US
Erschienen in: Information Systems Frontiers / Ausgabe 5/2008
Print ISSN: 1387-3326
Elektronische ISSN: 1572-9419
DOI: https://doi.org/10.1007/s10796-008-9111-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 5/2008

Complex service design: A virtual enterprise architecture for logistics service

Role-oriented process-driven enterprise cooperative work using the combined rule scheduling strategies

Architecture, implementation and application of complex event processing in enterprise information systems based on RFID

An approach to enterprise process dynamic modeling supporting enterprise process evolution

A literature review of electronic marketplace research: Themes, theories and an integrative framework

The concept and theory of material flow

Premium Partner