{"title":"VCPEC: Vulnerability Correlation Analysis Based on Privilege Escalation and Coritivity Theory","authors":"Xuefei Wang, Rui Ma, Donghai Tian, Xiajing Wang","doi":"10.1145/3442520.3442526","DOIUrl":null,"url":null,"abstract":"Vulnerability correlation analysis has become a key technique in the field of vulnerability analysis, which effectively addresses the limitation of only analyzing an isolated vulnerability. Even though the existing techniques have demonstrated their effectiveness in assessing the complex relationship between the vulnerabilities, they remain limited in accurately locating critical vulnerabilities. To overcome this issue, we design a vulnerability correlation analysis method, named VCPEC, to discover critical vulnerabilities using extended coritivity theory towards a novel privilege model. The key idea is to construct a vulnerability correlation graph (VCG) according to the system privilege grading strategy and the vulnerability privilege escalation paths, reducing the complexity in the graph. Then use the extended coritivity theory to calculate the core of the VCG, that means the critical vulnerabilities can be further recognized. Thus, by repairing critical vulnerabilities to achieve efficient protection of target system, saving the cost of repairing vulnerabilities. We design and perform experiments to verify the feasibility and efficiency of VCPEC in real-world software systems. And the results show that VCPEC can accurately locate critical vulnerabilities.","PeriodicalId":340416,"journal":{"name":"Proceedings of the 2020 10th International Conference on Communication and Network Security","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 10th International Conference on Communication and Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3442520.3442526","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Vulnerability correlation analysis has become a key technique in the field of vulnerability analysis, which effectively addresses the limitation of only analyzing an isolated vulnerability. Even though the existing techniques have demonstrated their effectiveness in assessing the complex relationship between the vulnerabilities, they remain limited in accurately locating critical vulnerabilities. To overcome this issue, we design a vulnerability correlation analysis method, named VCPEC, to discover critical vulnerabilities using extended coritivity theory towards a novel privilege model. The key idea is to construct a vulnerability correlation graph (VCG) according to the system privilege grading strategy and the vulnerability privilege escalation paths, reducing the complexity in the graph. Then use the extended coritivity theory to calculate the core of the VCG, that means the critical vulnerabilities can be further recognized. Thus, by repairing critical vulnerabilities to achieve efficient protection of target system, saving the cost of repairing vulnerabilities. We design and perform experiments to verify the feasibility and efficiency of VCPEC in real-world software systems. And the results show that VCPEC can accurately locate critical vulnerabilities.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
