Information Technology Reference
In-Depth Information
Analyzing Vulnerabilities and Measuring
Security Level at Design and Exploitation Stages
of Computer Network Life Cycle
Igor Kotenko and Mihail Stepashkin
SPIIRAS, 39, 14 Liniya, St.-Petersburg, 199178, Russia
ivkote@iias.spb.su, stepashkin@computer.edu.ru
Abstract.
Vulnerability detection and security level estimation are actual tasks
of protecting computer networks. The paper considers the models and architec-
tures of intelligent components intended for active analyzing computer network
vulnerabilities and estimating its security level. The offered approach is based
on simulation of computer attacks on different levels of detail and intended for
implementation at various stages of computer network life cycle, including de-
sign and exploitation stages.
1 Introduction
According to CERT statistic [1] the quantity of attacks on computer networks, their
complexity and extent of damage, caused by malefactor's attacks in the Internet,
grows each year. The reason is a low security level of majority of systems connected
to the Internet. The most common failures exist in operating system (OS) and applica-
tions software configuration, software maintenance, user management and administra-
tion, including improperly configured OS and applications, incorrect password policy
and improper access control settings, existence of vulnerable or easily exploited ser-
vices and malicious software (Trojans, worms, etc.). Therefore now vulnerability de-
tection and estimation of security level of computer networks are actual tasks of in-
formation assurance.
A special class of systems exists for solution of these tasks
vulnerability assess-
ment or security analysis systems (SAS) [18, 26]. The contemporary SAS destine to
fulfill
checking the system defended against the specified system configuration and
security policy for non-compliance
and
identifying technical vulnerabilities
in order
to correct them and mitigate any risk posed by these vulnerabilities. The main objec-
tive of SAS components is to identify and correct the system management process and
security policy failures that produced the vulnerabilities detected. The other important
functions are security level estimation, supporting effective interface for control of
scanning process, creating reports and automatic updating vulnerability signatures.
The SAS components should scan system, update the system configuration according
to the
specified
security policy and
system configuration and
also send inquiries to
modify the security policy if it is necessary. It is a cycle that must be repeated
−
