[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.21.0703151742450.19123-100000@linuxbox.org>
Date: Thu, 15 Mar 2007 17:44:58 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Tel Aviv University Security Forum - 18th of March
TAUSEC - The Security Forum, hosted by Tel-Aviv University, next meeting
will take place on: Sunday, March 18, at 18:30.
Location: Tel-Aviv University, Lev Auditorium
Map: http://www2.tau.ac.il/map/unimapl1.asp
Attendance is free, light refreshments will be served
Schedule:
---------
18:30 - A taxonomy & tool for automated vulnerability chaining and path
discovery Topic Synopsis
- Toby Kohlenberg
Level: Technical/High
Language: English
Abstract:
-----------------
Vulnerabilities are occurring with increasing frequency and the
resources required to manage mitigation are increasing in parallel.
Unfortunately, current best practices still evaluate the majority of
vulnerabilities as unique unrelated events. This method of evaluation is
an understandable choice but does not accurately reflect how the
vulnerabilities may be used by attackers. In this project we attempted
to find a way to evaluate combinations of vulnerabilities in an
automated fashion.
We created a taxonomy that allows us to describe vulnerabilities and
their connections to each other. We then used these descriptions to
create a graph showing the interconnections between the vulnerabilities
and used that to find pathways to complete system compromise.
The system we used to judge the effectiveness of this approach is a
feature rich web application which allows a user to quickly and easily
describe a vulnerability and its interactions and then explore its
relationship to other vulnerabilities.
-----------------
Sicne the lecture begins late, we will have only one speaker.
More details and past lectures can be seen at:
http://www.cs.tau.ac.il/tausec/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists