Showing 1–1 of 1 results for author: Crémilleux, D

CVE representation to build attack positions graphs

Authors: Manuel Poisson, Valérie Viet Triem Tong, Gilles Guette, Frédéric Guihéry, Damien Crémilleux

Abstract: In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by the NIST. Knowledge of the CVEs impacting an information system provides a measure of its level of security. This article points out that these vulnerabilities should be described in greater deta… ▽ More In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by the NIST. Knowledge of the CVEs impacting an information system provides a measure of its level of security. This article points out that these vulnerabilities should be described in greater detail to understand how they could be chained together in a complete attack scenario. This article presents the first proposal for the CAPG format, which is a method for representing a CVE vulnerability, a corresponding exploit, and associated attack positions. △ Less

Submitted 5 December, 2023; originally announced December 2023.

Journal ref: CyberHunt 2023, Workshop on Cyber Threat Intelligence and Hunting, IEEE BigData, Dec 2023, Sorrento, Italy. pp.1-5