Vulnerability Assessment Enhancement for Middleware for Computing and Informatics

Jairo Serrano; Elisa Heymann; Eduardo Cesar; Barton P. Miller

Authors

Jairo Serrano Computer Architecture and Operating System, Universitat Autonoma de Barcelona, 08193 Barcelona
Elisa Heymann Computer Architecture and Operating System, Universitat Autonoma de Barcelona, 08193 Barcelona
Eduardo Cesar Computer Architecture and Operating System, Universitat Autonoma de Barcelona, 08193 Barcelona
Barton P. Miller Computer Sciences Department,. University of Wisconsin, Madison

Keywords:

Grid, middleware, security, vulnerability assessment, vulnerability break graph

Abstract

Security on Grid computing is often an afterthought. However assessing security of middleware systems is of the utmost importance because they manage critical resources owned by different organizations. To fulfill this objective we use First Principles Vulnerability Assessment (FPVA), an innovative analystic-centric (manual) methodology that goes beyond current automated vulnerability tools. FPVA involves several stages for characterizing the analyzed system and its components. Based on the evaluation of several middleware systems, we have found that there is a gap between the initial and the last stages of FPVA, which is filled with the security practitioner expertise. We claim that this expertise is likely to be systematically codified in order to be able to automatically indicate which, and why, components should be assessed. In this paper we introduce key elements of our approach: Vulnerability graphs, Vulnerability Graph Analyzer, and a Knowledge Base of security configurations.

Downloads

Download data is not yet available.

Vulnerability Assessment Enhancement for Middleware for Computing and Informatics

Authors

Keywords:

Abstract

Downloads

Downloads

How to Cite

Issue

Section

Most read articles by the same author(s)

Information

Make a Submission

Keywords