CVSS-based Vulnerability and Risk Assessment for High Performance Computing Networks

Title: CVSS-based Vulnerability and Risk Assessment for High Performance Computing Networks
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Debnath, Jayanta K., Xie, Derock
Conference Name: 2022 IEEE International Systems Conference (SysCon)
Keywords: attack graph, CVSS, HPC, Knowledge engineering, Network security, Numerical models, pubcrawl, Real-time Systems, Resiliency, risk assessment, Scalability, standardization, Stochastic Computing Security, Stochastic processes, Throughput, Vulnerability
Abstract: Common Vulnerability Scoring System (CVSS) is intended to capture the key characteristics of a vulnerability and correspondingly produce a numerical score to indicate the severity. Important efforts are conducted for building a CVSS stochastic model in order to provide a high-level risk assessment to better support cybersecurity decision-making. However, these efforts consider nothing regarding HPC (High-Performance Computing) networks using a Science Demilitary Zone (DMZ) architecture that has special design principles to facilitate data transition, analysis, and store through in a broadband backbone. In this paper, an HPCvul (CVSS-based vulnerability and risk assessment) approach is proposed for HPC networks in order to provide an understanding of the ongoing awareness of the HPC security situation under a dynamic cybersecurity environment. For such a purpose, HPCvul advocates the standardization of the collected security-related data from the network to achieve data portability. HPCvul adopts an attack graph to model the likelihood of successful exploitation of a vulnerability. It is able to merge multiple attack graphs from different HPC subnets to yield a full picture of a large HPC network. Substantial results are presented in this work to demonstrate HPCvul design and its performance.
DOI: 10.1109/SysCon53536.2022.9773931
Citation Key: debnath_cvss-based_2022