Title :
Using CVSS in Attack Graphs
Author :
Gallon, Laurent ; Bascou, Jean-Jacques
Author_Institution :
LIUPPA, Univ. of Pau Mont de Marsan, Mont-de-Marsan, France
Abstract :
Derived from attack models, attack graphs are providing an efficient way to model attack scenarios intended against computer networks. Such graphs are using CVE database in which all known vulnerabilities are gathered. The CVSS framework is aiming to give numeric scores to each vulnerability recorded in the CVE database, which represent its characteristics and quantify its security impacts. In this paper we adapt attack graphs definition in order to be able to use them in conjunction with CVSS framework. The aim of our work is to provide a way to give an assessment of the impact of attacks on the hosts of the target network. This assessment is made using a host damage score and a network damage score, which take into account the characteristics and consequences of each atomic attack constituting an attack scenario.
Keywords :
computer network security; graph theory; CVE database; CVSS framework; attack graphs; computer networks; host damage score; network damage score; Availability; Computational modeling; Databases; Gold; Measurement; Security; System recovery; CVSS framework; IT vulnerabilities; attack graphs;
Conference_Titel :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.18
