Analysis of Exploitable Vulnerability Sequences in Industrial Networked Systems: A Proof of Concepts
Author(s) - Manuel Cheminod, Luca Durante, Lucia Seno, Adriano Valenzano
Publication year - 2015
Publication title - Electronic Workshops in Computing
Language(s) - English
Resource type - Conference proceedings
ISSN - 1477-9358
DOI - 10.14236/ewic/ics2015.7
Subject(s) - computer science, vulnerability (computing), industrial control system, vulnerability assessment, computer security, software, secure coding, sequence (biology), software engineering, control (management), risk analysis (engineering), software security assurance, information security, artificial intelligence, programming language, medicine, psychology, psychological resilience, security service, biology, psychotherapist, genetics
Software vulnerabilities can affect the security of any computer, and industrial networked systems are no exception. Information about known vulnerabilities and possible countermeasures has been collected and published for several years; however, the methodical introduction of changes and/or software patches in many industrial networks is not always possible, so some known flaws can be left untreated because they are not considered harmful in principle. Unfortunately, a suitable combination (sequence) of vulnerabilities that are not dangerous when considered in isolation can provide undesired attack paths to malicious users. This paper deals with the automated discovery of such sequences of known vulnerabilities in industrial scenarios by leveraging an analysis framework already developed for the verification of access control policies in real-world systems.