Biblio

Common Vulnerabilities and Exposures (CVE) databases contain information about vulnerabilities of software products and source code. If individual elements of CVE descriptions can be extracted and structured, then the data can be used to search and analyze CVE descriptions. Herein we propose a method to label each element in CVE descriptions by applying Named Entity Recognition (NER). For NER, we used BERT, a transformer-based natural language processing model. Using NER with machine learning can label information from CVE descriptions even if there are some distortions in the data. An experiment involving manually prepared label information for 1000 CVE descriptions shows that the labeling accuracy of the proposed method is about 0.81 for precision and about 0.89 for recall. In addition, we devise a way to train the data by dividing it into labels. Our proposed method can be used to label each element automatically from CVE descriptions.

Concurrency vulnerabilities caused by synchronization problems will occur in the execution of multi-threaded programs, and the emergence of concurrency vulnerabilities often cause great threats to the system. Once the concurrency vulnerabilities are exploited, the system will suffer various attacks, seriously affecting its availability, confidentiality and security. In this paper, we extract 839 concurrency vulnerabilities from Common Vulnerabilities and Exposures (CVE), and conduct a comprehensive analysis of the trend, classifications, causes, severity, and impact. Finally, we obtained some findings: 1) From 1999 to 2021, the number of concurrency vulnerabilities disclosures show an overall upward trend. 2) In the distribution of concurrency vulnerability, race condition accounts for the largest proportion. 3) The overall severity of concurrency vulnerabilities is medium risk. 4) The number of concurrency vulnerabilities that can be exploited for local access and network access is almost equal, and nearly half of the concurrency vulnerabilities (377/839) can be accessed remotely. 5) The access complexity of 571 concurrency vulnerabilities is medium, and the number of concurrency vulnerabilities with high or low access complexity is almost equal. The results obtained through the empirical study can provide more support and guidance for research in the field of concurrency vulnerabilities.

The ever-evolving capabilities of cyber attackers force security administrators to focus on the early identification of emerging threats. Targeted cyber attacks usually consist of several phases, from initial reconnaissance of the network environment to final impact on objectives. This paper investigates the identification of multi-step cyber threat scenarios using kill chain and attack graphs. Kill chain and attack graphs are threat modeling concepts that enable determining weak security defense points. We propose a novel kill chain attack graph that merges kill chain and attack graphs together. This approach determines possible chains of attacker’s actions and their materialization within the protected network. The graph generation uses a categorization of threats according to violated security properties. The graph allows determining the kill chain phase the administrator should focus on and applicable countermeasures to mitigate possible cyber threats. We implemented the proposed approach for a predefined range of cyber threats, especially vulnerability exploitation and network threats. The approach was validated on a real-world use case. Publicly available implementation contains a proof-of-concept kill chain attack graph generator.

In order to standardize and describe vulnerability information in detail as far as possible and realize knowledge sharing, reuse and extension at the semantic level, a vulnerability ontology is constructed based on the information security public databases such as CVE, CWE and CAPEC and industry public standards like CVSS. By analyzing the relationship between vulnerability class and weakness class, inference rules are defined to realize knowledge inference from vulnerability instance to its consequence and from one vulnerability instance to another vulnerability instance. The experimental results show that this model can analyze the causal and congeneric relationships between vulnerability instances, which is helpful to repair vulnerabilities and predict attacks.

The goal of this work was to identify and try to solve some of the vulnerabilities present in the AR Drone 2.0 by Parrot. The approach was to identify how the system worked, find and analyze vulnerabilities and flaws in the system as a whole and in the software, and find solutions to those problems. Analyzing the results of some tests showed that the system has an open WiFi network and the communication between the controller and the drone are unencrypted. Analyzing the Linux operating system that the drone uses, we see that "Pairing Mode" is the only way the system protects itself from unauthorized control. This is a feature that can be easily bypassed. Port scans reveal that the system has all the ports for its services open and exposed. This makes it susceptible to attacks like DoS and takeover. This research also focuses on some of the software vulnerabilities, such as Busybox that the drone runs. Lastly, this paper discuses some of the possible methods that can be used to secure the drone. These methods include securing the messages via SSH Tunnel, closing unused ports, and re-implementing the software used by the drone and the controller.

Quantifying vulnerability and security levels for smart grid diversified link of networks have been a challenging task for a long period of time. Security experts and network administrators used to act based on their proficiencies and practices to mitigate network attacks rather than objective metrics and models. This paper uses the Markov Chain Model [1] to evaluate quantitatively the vulnerabilities associated to the 802.11 Wi-Fi network in a smart grid. Administrator can now assess the level of severity of potential attacks based on determining the probability density of the successive states and thus, providing the corresponding security measures. This model is based on the observed vulnerabilities provided by the Common Vulnerabilities and Exposures (CVE) database explored by MITRE [2] to calculate the Markov processes (states) transitions probabilities and thus, deducing the vulnerability level of the entire attack paths in an attack graph. Cumulative probabilities referring to high vulnerability level in a specific attack path will lead the system administrator to apply appropriate security measures a priori to potential attacks occurrence.

Hypervisors are the main components for managing virtual machines on cloud computing systems. Thus, the security of hypervisors is very crucial as the whole system could be compromised when just one vulnerability is exploited. In this paper, we assess the vulnerabilities of widely used hypervisors including VMware ESXi, Citrix XenServer and KVM using the NIST 800-115 security testing framework. We perform real experiments to assess the vulnerabilities of those hypervisors using security testing tools. The results are evaluated using weakness information from CWE, and using vulnerability information from CVE. We also compute the severity scores using CVSS information. All vulnerabilities found of three hypervisors will be compared in terms of weaknesses, severity scores and impact. The experimental results showed that ESXi and XenServer have common weaknesses and vulnerabilities whereas KVM has fewer vulnerabilities. In addition, we discover a new vulnerability called HTTP response splitting on ESXi Web interface.