Gawron, Marian; Cheng, Feng; Meinel, Christoph
Proceedings of the 8th International Conference on Security of Information and Networks (SIN’15)
The detection of vulnerabilities in computer systems and computer networks as well as the representation of the results are crucial problems. The presented method tackles the problem with an automated detection and an intuitive representation. For detecting vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. Thus an automated analytical function could detect security leaks on a target system. The gathered information is used to provide security advisories and enhanced diagnostics for the system. Additionally the conditional structure allows us to create attack graphs to visualize the network structure and the integrated vulnerability information. Finally we propose methods to resolve the identified weaknesses whether to remove or update vulnerable applications and secure the target system. This advisories are created automatically and provide possible solutions for the security risks.