Improving Present Security through the Detection of Past Hidden Vulnerable States

Martín Barrère 1, * Rémi Badonnel 1 Olivier Festor 1
* Auteur correspondant
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : Vulnerability assessment activities usually analyze new security advisories over current running systems. However, a system compromised in the past by a vulnerability unknown at that moment may still constitute a potential security threat in the present. Accordingly, past unknown system exposures are required to be taken into account. We present in this paper a novel approach for increasing the overall security of computing systems by identifying past hidden vulnerable states. In that context, we propose a modeling for detecting unknown past system exposures as well as an OVAL-based distributed framework for autonomously gathering network devices information and automatically analyzing their past security exposure. We also describe an implementation prototype and evaluate its performance through an extensive set of experiments.
Type de document :
Communication dans un congrès
IFIP/IEEE International Symposium on Integrated Network Management (IM'13), May 2013, Ghent, Belgium. 2013, 〈http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6573020&searchWithin%3Dp_Authors%3A.QT.Barrere%2C+M.QT.〉
Liste complète des métadonnées

Littérature citée [17 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-00875199
Contributeur : Martín Barrère <>
Soumis le : lundi 21 octobre 2013 - 14:00:06
Dernière modification le : jeudi 11 janvier 2018 - 06:25:23
Document(s) archivé(s) le : vendredi 7 avril 2017 - 14:03:24

Fichier

Barrere-IM-2013.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-00875199, version 1

Collections

Citation

Martín Barrère, Rémi Badonnel, Olivier Festor. Improving Present Security through the Detection of Past Hidden Vulnerable States. IFIP/IEEE International Symposium on Integrated Network Management (IM'13), May 2013, Ghent, Belgium. 2013, 〈http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6573020&searchWithin%3Dp_Authors%3A.QT.Barrere%2C+M.QT.〉. 〈hal-00875199〉

Partager

Métriques

Consultations de la notice

455

Téléchargements de fichiers

139