期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2006
卷号:6
期号:12
页码:311-319
出版社:International Journal of Computer Science and Network Security
摘要:Vulnerability analysis is the process of specifying, designing, and implementing a computer system without vulnerabilities, discovering unknown vulnerabilities, and detecting vulnerabilities’ possible exploits. Some approaches to achieve such a process, integrate the concept of vulnerability into an access control model, and use ad hoc ideas to analyze them. Such approaches usually suffer from problems including weak modeling abilities and separation of authorized and unauthorized rules. To overcome such problems, we propose VGBPS as a new graph-based protection system with the main focus on vulnerabilities. Dealing with access rights, vulnerabilities, attributes, and relations similarly and using edge patterns to define rich types of rules, VGBPS adds the concept of vulnerability into a general access control model in a way that no extra effort is needed to handle vulnerabilities. In VGBPS, vulnerability analysis can be done by answering the safety problem. Considering safety problem more thoroughly, it is proven that safety problem, in the general form of VGBPS, is an NP-Complete problem. However, we introduce some simplified cases of the model, such as monotonically increasing systems and systems containing only permanent rules, in which the safety problem can be answered in polynomial time
