-
SecScore: Enhancing the CVSS Threat Metric Group with Empirical Evidences
Authors:
Miguel Santana,
Vinicius V. Cogo,
Alan Oliveira de Sá
Abstract:
Background: Timely prioritising and remediating vulnerabilities are paramount in the dynamic cybersecurity field, and one of the most widely used vulnerability scoring systems (CVSS) does not address the increasing likelihood of emerging an exploit code. Aims: We present SecScore, an innovative vulnerability severity score that enhances CVSS Threat metric group with statistical models from empirical evidences of real-world exploit codes. Method: SecScore adjusts the traditional CVSS score using an explainable and empirical method that more accurately and promptly captures the dynamics of exploit code development. Results: Our approach can integrate seamlessly into the assessment/prioritisation stage of several vulnerability management processes, improving the effectiveness of prioritisation and ensuring timely remediation. We provide real-world statistical analysis and models for a wide range of vulnerability types and platforms, demonstrating that SecScore is flexible according to the vulnerability's profile. Comprehensive experiments validate the value and timeliness of SecScore in vulnerability prioritisation. Conclusions: SecScore advances the vulnerability metrics theory and enhances organisational cybersecurity with practical insights.
Submitted 14 May, 2024;
originally announced May 2024.
-
Software-based Security Framework for Edge and Mobile IoT
Authors:
José Cecílio,
Alan Oliveira de Sá,
André Souto
Abstract:
With the proliferation of Internet of Things (IoT) devices, ensuring secure communications has become imperative. Due to their low cost and embedded nature, many of these devices operate with computational and energy constraints, neglecting the potential security vulnerabilities that they may bring. This work-in-progress is focused on designing secure communication among remote servers and embedded IoT devices to balance security robustness and energy efficiency. The proposed approach uses lightweight cryptography, optimizing device performance and security without overburdening their limited resources. Our architecture stands out for integrating Edge servers and a central Name Server, allowing secure and decentralized authentication and efficient connection transitions between different Edge servers. This architecture enhances the scalability of the IoT network and reduces the load on each server, distributing the responsibility for authentication and key management.
Submitted 9 April, 2024;
originally announced April 2024.
-
Covert Attacks in Cyber-Physical Control Systems
Authors:
A. O. Sa,
L. F. R. C. Carmo,
R. C. S. Machado
Abstract:
The advantages of using communication networks to interconnect controllers and physical plants motivate the increasing number of Networked Control Systems, in industrial and critical infrastructure facilities. However, this integration also exposes such control systems to new threats, typical of the cyber domain. In this context, studies have been conducted, aiming to explore vulnerabilities and propose security solutions for cyber-physical systems. In this paper, it is proposed a covert attack for service degradation, which is planned based on the intelligence gathered by another attack, herein proposed, referred to as System Identification attack. The simulation results demonstrate that the joint operation of the two attacks is capable of affecting, in a covert and accurate way, the physical behavior of a system.
Submitted 3 April, 2017; v1 submitted 29 September, 2016;
originally announced September 2016.