Modeling and analysis of information system vulnerabilities helps us predict possible attacks on networks using network configuration and vulnerability information. In fact, exploiting most vulnerabilities results in the alteration of access rights. In this paper, we propose a new vulnerability analysis method based on the Take-Grant protection model. We extend the initial Take-Grant model to address the notion of vulnerabilities and introduce vulnerability rewriting rules to specify how the protection state of the system can be changed by exploiting vulnerabilities. Our analysis is based on a bounded polynomial algorithm, which generates the closure of the Take-Grant graph with respect to vulnerabilities. The closure helps to verify whether any subject can obtain an access right over an object. The application of our results has been examined in a case study, which reveals how an attacker can gain an unauthorized access right by exploiting a chain of vulnerabilities.