Page 399 - Kaleidoscope Academic Conference Proceedings 2024
Innovation and Digital Transformation for a Sustainable World
4.3 The National Vulnerability Database (NVD)

The NVD is the official United States government repository of standardized vulnerability management data. The NVD repository consists of references to security checklists, documented software vulnerabilities, misconfiguration information, nomenclature for products and metrics assessing the impact of these vulnerabilities [6]. Originally created in 1999 [7], it is a product of the NIST Computer Security Division.

The Common Vulnerabilities and Exposures (CVE) list comprises vulnerabilities identified within specific codebases and software applications, each uniquely identified by a CVE ID. While the CVE is maintained by the MITRE corporation, the NVD analyzes each CVE after it is published in the CVE list and adds reference tags, CVSS scores, CWE and CPE applicability statements [6]. The NVD is fully synchronized with the CVE list, ensuring that any changes or additions to CVE are near instantly reflected in the NVD. In general, CVEs are available within an hour of their initial publication in the NVD. NVD builds upon the CVE List and enhances each CVE record by adding information that includes severity scores and impact ratings, and additional search parameters such as searching by the name of the operating system's vendor, product, and/or version number, as well as the type of vulnerability.

4.4 Common Weakness Enumeration (CWE)

The Common Weakness Enumeration is a list of software and hardware weakness types created and maintained by a collaborative community effort [8]. CWE describes and categorizes vulnerabilities in software and hardware, helping in the identification of these weaknesses in systems, and is also maintained by MITRE.

4.5 Common Attack Pattern Enumeration and Classification (CAPEC)

An attack pattern describes typical characteristics and approaches/techniques employed by adversaries to exploit known weaknesses to compromise a software or hardware system’s security. MITRE’s CAPEC is a catalogue of categorized attack patterns targeting vulnerabilities in both software and hardware. An attack pattern can help understand how adversaries attempt to exploit vulnerabilities and can not only benefit organizations trying to protect against those vulnerabilities but can also help analysts understand how an attack might have happened in case of an incident [9]. This repository is an asset for the foundational understanding when performing forensic analysis of software systems.

Most CAPEC entries contain an execution flow which lists the step-by-step instructions for an adversary to examine potential targets, understand and experiment with their assets and defensive mechanisms, if in place, and then to exploit the weakness by carrying out the exploit. This can be very helpful in the process of identification and analysis of digital evidence in software systems as it can enumerate the methods and steps an adversary may adopt to perform an activity. However, the information in CAPEC is extensive, and it helps to extend it by mapping it to the CWE that it features the exploit for. This way the CWE can be correlated with the CVE ID and largely enhance the vulnerability intelligence. By definition and purpose, the three repositories, namely CVE, CWE and CAPEC, are closely related. A CAPEC attack pattern typically shows in steps how a weakness in CWE can be leveraged to perform an attack. CVEs are specific instances of the CWEs, whose exploitation can be demonstrated.

4.6 Role of Vulnerability Intelligence in Maintaining Security Posture for Organizations

With increasing complexity and persistence in cyber threats today, vulnerability intelligence ensures that organizations have the crucial foundational information to take actionable decisions when it comes to known vulnerabilities in their digital infrastructure, including both software and hardware. Effective cyber security defense measures require the knowledge and insights of vulnerability information inherent in the digital infrastructure, to act upon, before malicious actors can exploit them and threaten critical assets. Vulnerability intelligence is foundational in enhancing the resilience of organizations in their efforts to safeguard their critical assets and mitigate security risks.

4.7 Role of Vulnerability Intelligence in Forensic Analysis

Cyber forensics in general refers to the process of identification, preservation, examination, and analysis of digital evidence in computer crime investigations [10]. In cyber forensics, the crucial part of the analysis process is to be able to understand how an incident might have occurred and what evidence trails may be left behind for analysis. Vulnerability intelligence plays a subtle but vital role in this regard. Software vulnerability intelligence can efficiently point an analyst to the techniques and methods that may have been employed to exploit a piece of software or an application to manifest an unauthorized or unintended activity. This can play a vital role in cases where the trail of evidence is not directly evident. Attack patterns alongside vulnerability intelligence from known vulnerabilities can aid the process in forensic analysis by pointing to the attack vectors that may have been used by the adversaries.

4.8 Research Motivation

Vulnerability databases such as NVD and OSV are valuable, knowledge-rich resources; however, they often each present either segregated or overlapping information. The software development domain consists of multiple ecosystems of technologies, each with their own supported technology stack. In such a scenario, there is a need to integrate these valuable knowledge resources offered through various sources so that, not only semantic connections can be established within the existing