CINXE.COM

SVID: Structured Vulnerability Intelligence for Building Deliberated Vulnerable Environment

<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-P63WKM1TM1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-P63WKM1TM1'); </script> <!-- Yandex.Metrika counter --> <script type="text/javascript" > (function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)}; m[i].l=1*new Date(); for (var j = 0; j < document.scripts.length; j++) {if (document.scripts[j].src === r) { return; }} k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(55165297, "init", { clickmap:false, trackLinks:true, accurateTrackBounce:true, webvisor:false }); </script> <noscript><div><img src="https://mc.yandex.ru/watch/55165297" style="position:absolute; left:-9999px;" alt="" /></div></noscript> <!-- /Yandex.Metrika counter --> <!-- Matomo --> <!-- End Matomo Code --> <title>SVID: Structured Vulnerability Intelligence for Building Deliberated Vulnerable Environment</title> <meta name="description" content="SVID: Structured Vulnerability Intelligence for Building Deliberated Vulnerable Environment"> <meta name="keywords" content="DIR Triad Model, DVE, vulnerability intelligence, vulnerability recurrence."> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <meta name="citation_title" content="SVID: Structured Vulnerability Intelligence for Building Deliberated Vulnerable Environment"> <meta name="citation_author" content="Wenqing Fan"> <meta name="citation_author" content="Yixuan Cheng"> <meta name="citation_author" content="Wei Huang"> <meta name="citation_publication_date" content="2014/01/01"> <meta name="citation_journal_title" content="International Journal of Information and Communication Engineering"> <meta name="citation_volume" content="14"> <meta name="citation_issue" content="1"> <meta name="citation_firstpage" content="16"> <meta name="citation_lastpage" content="23"> <meta name="citation_pdf_url" content="https://publications.waset.org/10011009/pdf"> <link href="https://cdn.waset.org/favicon.ico" type="image/x-icon" rel="shortcut icon"> <link href="https://cdn.waset.org/static/plugins/bootstrap-4.2.1/css/bootstrap.min.css" rel="stylesheet"> <link href="https://cdn.waset.org/static/plugins/fontawesome/css/all.min.css" rel="stylesheet"> <link href="https://cdn.waset.org/static/css/site.css?v=150220211555" rel="stylesheet"> </head> <body> <header> <div class="container"> <nav class="navbar navbar-expand-lg navbar-light"> <a class="navbar-brand" href="https://waset.org"> <img src="https://cdn.waset.org/static/images/wasetc.png" alt="Open Science Research Excellence" title="Open Science Research Excellence" /> </a> <button class="d-block d-lg-none navbar-toggler ml-auto" type="button" data-toggle="collapse" data-target="#navbarMenu" aria-controls="navbarMenu" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="w-100"> <div class="d-none d-lg-flex flex-row-reverse"> <form method="get" action="https://waset.org/search" class="form-inline my-2 my-lg-0"> <input class="form-control mr-sm-2" type="search" placeholder="Search Conferences" value="" name="q" aria-label="Search"> <button class="btn btn-light my-2 my-sm-0" type="submit"><i class="fas fa-search"></i></button> </form> </div> <div class="collapse navbar-collapse mt-1" id="navbarMenu"> <ul class="navbar-nav ml-auto align-items-center" id="mainNavMenu"> <li class="nav-item"> <a class="nav-link" href="https://waset.org/conferences" title="Conferences in 2024/2025/2026">Conferences</a> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/disciplines" title="Disciplines">Disciplines</a> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/committees" rel="nofollow">Committees</a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdownPublications" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> Publications </a> <div class="dropdown-menu" aria-labelledby="navbarDropdownPublications"> <a class="dropdown-item" href="https://publications.waset.org/abstracts">Abstracts</a> <a class="dropdown-item" href="https://publications.waset.org">Periodicals</a> <a class="dropdown-item" href="https://publications.waset.org/archive">Archive</a> </div> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/page/support" title="Support">Support</a> </li> </ul> </div> </div> </nav> </div> </header> <main> <div class="container mt-4"> <div class="row"> <div class="col-md-9 mx-auto"> <form method="get" action="https://publications.waset.org/search"> <div id="custom-search-input"> <div class="input-group"> <i class="fas fa-search"></i> <input type="text" class="search-query" name="q" placeholder="Author, Title, Abstract, Keywords" value=""> <input type="submit" class="btn_search" value="Search"> </div> </div> </form> </div> </div> <div class="row mt-3"> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Commenced</strong> in January 2007</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Frequency:</strong> Monthly</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Edition:</strong> International</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Paper Count:</strong> 33093</div> </div> </div> </div> <div class="card publication-listing mt-3 mb-3"> <h5 class="card-header" style="font-size:.9rem">SVID: Structured Vulnerability Intelligence for Building Deliberated Vulnerable Environment</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/search?q=Wenqing%20Fan">Wenqing Fan</a>, <a href="https://publications.waset.org/search?q=Yixuan%20Cheng"> Yixuan Cheng</a>, <a href="https://publications.waset.org/search?q=Wei%20Huang"> Wei Huang</a> </p> <p class="card-text"><strong>Abstract:</strong></p> <p>The diversity and complexity of modern IT systems make it almost impossible for internal teams to find vulnerabilities in all software before the software is officially released. The emergence of threat intelligence and vulnerability reporting policy has greatly reduced the burden on software vendors and organizations to find vulnerabilities. However, to prove the existence of the reported vulnerability, it is necessary but difficult for security incident response team to build a deliberated vulnerable environment from the vulnerability report with limited and incomplete information. This paper presents a structured, standardized, machine-oriented vulnerability intelligence format, that can be used to automate the orchestration of Deliberated Vulnerable Environment (DVE). This paper highlights the important role of software configuration and proof of vulnerable specifications in vulnerability intelligence, and proposes a triad model, which is called DIR (Dependency Configuration, Installation Configuration, Runtime Configuration), to define software configuration. Finally, this paper has also implemented a prototype system to demonstrate that the orchestration of DVE can be automated with the intelligence.</p> <iframe src="https://publications.waset.org/10011009.pdf" style="width:100%; height:400px;" frameborder="0"></iframe> <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/search?q=DIR%20Triad%20Model" title="DIR Triad Model">DIR Triad Model</a>, <a href="https://publications.waset.org/search?q=DVE" title=" DVE"> DVE</a>, <a href="https://publications.waset.org/search?q=vulnerability%20intelligence" title=" vulnerability intelligence"> vulnerability intelligence</a>, <a href="https://publications.waset.org/search?q=vulnerability%20recurrence." title=" vulnerability recurrence."> vulnerability recurrence.</a> </p> <p class="card-text"><strong>Digital Object Identifier (DOI):</strong> <a href="https://doi.org/10.5281/zenodo.3669184" target="_blank">doi.org/10.5281/zenodo.3669184</a> </p> <a href="https://publications.waset.org/10011009/svid-structured-vulnerability-intelligence-for-building-deliberated-vulnerable-environment" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/10011009/apa" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">APA</a> <a href="https://publications.waset.org/10011009/bibtex" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">BibTeX</a> <a href="https://publications.waset.org/10011009/chicago" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">Chicago</a> <a href="https://publications.waset.org/10011009/endnote" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">EndNote</a> <a href="https://publications.waset.org/10011009/harvard" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">Harvard</a> <a href="https://publications.waset.org/10011009/json" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">JSON</a> <a href="https://publications.waset.org/10011009/mla" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">MLA</a> <a href="https://publications.waset.org/10011009/ris" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">RIS</a> <a href="https://publications.waset.org/10011009/xml" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">XML</a> <a href="https://publications.waset.org/10011009/iso690" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">ISO 690</a> <a href="https://publications.waset.org/10011009.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">691</span> </span> <p class="card-text"><strong>References:</strong></p> <br>[1] NIST. National vulnerability database. https://nvd.nist.gov/. Retrieved: April 26, 2019. <br>[2] Lily Hay Newman. Everything we know about Facebook鈥檚 massive security breach. https://www.wired.com/story/facebook-security-breach-50-million-accounts/. Retrieved: April 26, 2019. <br>[3] McAffee Corporation, McAfee Labs - Threat-Report, In: 2017, https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-sept-2017.pdf. <br>[4] DOD. Hacking the pentagon. https://www.usds.gov/report-to-congress/2017/fall/hack-the-pentagon/. Retrieved: April 26, 2019. <br>[5] Taylor Hatmaker. Google鈥檚 bug bounty program pays out $3 million, mostly for Android and Chrome exploits. https://techcrunch.com/2017/01/31/googles-bug-bounty-2016/. Retrieved: April 26, 2019. <br>[6] Tom Warren. Microsoft will now pay up to $250,000 for Windows 10 security bugs. https://www.theverge.com/2017/7/26/16044842/microsoft-windows-bug-bounty-security-flaws-bugs-250k. Retrieved: April 26, 2019. <br>[7] Mu, Dongliang, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, and Gang Wang. "Understanding the reproducibility of crowd-reported security vulnerabilities." In 27th {USENIX} Security Symposium ({USENIX} Security 18), pp. 919-936. 2018. <br>[8] Steven Musil. Researcher posts Facebook bug report to Mark Zuckerberg's wall. https://www.cnet.com/news/researcher-posts-facebook-bug-report-to-mark-zuckerbergs-wall/. Retrieved: April 26, 2019. <br>[9] Menges, Florian, and G眉nther Pernul. "A comparative analysis of incident reporting formats." Computers & Security 73 (2018): 87-101. <br>[10] Asgarli, Elchin, and Eric Burger. "Semantic ontologies for cyber threat sharing standards." In 2016 IEEE Symposium on Technologies for Homeland Security (HST), pp. 1-6. IEEE, 2016. <br>[11] Dong, Y., Guo, W., Chen, Y., Xing, X., Zhang, Y., & Wang, G. Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. <br>[12] Tounsi, W., & Rais, H. (2018). A survey on technical threat intelligence in the age of sophisticated cyber attacks. Computers & security, 72, 212-233. <br>[13] CISA. Traffic Light Protocol (TLP) definitions and usage. https://www.us-cert.gov/tlp. Retrieved: April 26, 2019. <br>[14] Steinberger, J., Sperotto, A., Golling, M., & Baier, H. (2015, May). How to exchange security events? overview and evaluation of formats and protocols. In 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM) (pp. 261-269). IEEE. <br>[15] Mavroeidis, V., & Bromander, S. (2017, September). Cyber threat intelligence model: an evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence. In 2017 European Intelligence and Security Informatics Conference (EISIC) (pp. 91-98). IEEE. <br>[16] Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide. NIST Special Publication, 800(61), 1-147. <br>[17] The twelve-factor app. https://12factor.net/. Retrieved: April 26, 2019. <br>[18] GNS3. https://www.gns3.com/. Retrieved: April 26, 2019. <br>[19] NIST. Official Common Platform Enumeration (CPE) dictionary. https://nvd.nist.gov/Products/CPE. Retrieved: April 26, 2019. <br>[20] Semantic versioning 2.0.0. https://semver.org/. Retrieved: April 26, 2019. <br>[21] Rapid7 Corporation. Metasploit. https://www.metasploit.com/. Retrieved: April 26, 2019. <br>[22] MITRE Corporation. Common weakness enumeration. https://cwe.mitre.org/index.html. Retrieved: April 26, 2019. <br>[23] MITRE Corporation. Common attack pattern enumeration and classification. https://capec.mitre.org/. Retrieved: April 26, 2019. <br>[24] CISA. Common Vulnerabilities and Exposures. https://cve.mitre.org/. Retrieved: May 13, 2019. </div> </div> </div> </main> <footer> <div id="infolinks" class="pt-3 pb-2"> <div class="container"> <div style="background-color:#f5f5f5;" class="p-3"> <div class="row"> <div class="col-md-2"> <ul class="list-unstyled"> About <li><a href="https://waset.org/page/support">About Us</a></li> <li><a href="https://waset.org/page/support#legal-information">Legal</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/WASET-16th-foundational-anniversary.pdf">WASET celebrates its 16th foundational anniversary</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Account <li><a href="https://waset.org/profile">My Account</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Explore <li><a href="https://waset.org/disciplines">Disciplines</a></li> <li><a href="https://waset.org/conferences">Conferences</a></li> <li><a href="https://waset.org/conference-programs">Conference Program</a></li> <li><a href="https://waset.org/committees">Committees</a></li> <li><a href="https://publications.waset.org">Publications</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Research <li><a href="https://publications.waset.org/abstracts">Abstracts</a></li> <li><a href="https://publications.waset.org">Periodicals</a></li> <li><a href="https://publications.waset.org/archive">Archive</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Open Science <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Science-Philosophy.pdf">Open Science Philosophy</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Science-Award.pdf">Open Science Award</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Society-Open-Science-and-Open-Innovation.pdf">Open Innovation</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Postdoctoral-Fellowship-Award.pdf">Postdoctoral Fellowship Award</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Scholarly-Research-Review.pdf">Scholarly Research Review</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Support <li><a href="https://waset.org/page/support">Support</a></li> <li><a href="https://waset.org/profile/messages/create">Contact Us</a></li> <li><a href="https://waset.org/profile/messages/create">Report Abuse</a></li> </ul> </div> </div> </div> </div> </div> <div class="container text-center"> <hr style="margin-top:0;margin-bottom:.3rem;"> <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" class="text-muted small">Creative Commons Attribution 4.0 International License</a> <div id="copy" class="mt-2">&copy; 2024 World Academy of Science, Engineering and Technology</div> </div> </footer> <a href="javascript:" id="return-to-top"><i class="fas fa-arrow-up"></i></a> <div class="modal" id="modal-template"> <div class="modal-dialog"> <div class="modal-content"> <div class="row m-0 mt-1"> <div class="col-md-12"> <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button> </div> </div> <div class="modal-body"></div> </div> </div> </div> <script src="https://cdn.waset.org/static/plugins/jquery-3.3.1.min.js"></script> <script src="https://cdn.waset.org/static/plugins/bootstrap-4.2.1/js/bootstrap.bundle.min.js"></script> <script src="https://cdn.waset.org/static/js/site.js?v=150220211556"></script> <script> jQuery(document).ready(function() { /*jQuery.get("https://publications.waset.org/xhr/user-menu", function (response) { jQuery('#mainNavMenu').append(response); });*/ jQuery.get({ url: "https://publications.waset.org/xhr/user-menu", cache: false }).then(function(response){ jQuery('#mainNavMenu').append(response); }); }); </script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10