Vulnerability assessment enhancement for middleware for computing and informatics

Jairo Serrano, Elisa Heymann, Eduardo Cesar, Barton P. Miller

Producción científica: Contribución a una revistaArtículoInvestigaciónrevisión exhaustiva

1 Cita (Scopus)

Resumen

Security on Grid computing is often an afterthought. However assessing security of middleware systems is of the utmost importance because they manage critical resources owned by different organizations. To fulfill this objective we use First Principles Vulnerability Assessment (FPVA), an innovative analystic-centric (manual) methodology that goes beyond current automated vulnerability tools. FPVA involves several stages for characterizing the analyzed system and its components. Based on the evaluation of several middleware systems, we have found that there is a gap between the initial and the last stages of FPVA, which is filled with the security practitioner expertise. We claim that this expertise is likely to be systematically codified in order to be able to automatically indicate which, and why, components should be assessed. In this paper we introduce key elements of our approach: Vulnerability graphs, Vulnerability Graph Analyzer, and a Knowledge Base of security configurations.
Idioma originalInglés
Páginas (desde-hasta)103-118
PublicaciónComputing and Informatics
Volumen31
N.º1
EstadoPublicada - 25 may 2012

Huella

Profundice en los temas de investigación de 'Vulnerability assessment enhancement for middleware for computing and informatics'. En conjunto forman una huella única.

Citar esto