Open Access

ARTICLE

Systematic Security Guideline Framework through Intelligently Automated Vulnerability Analysis

by Dahyeon Kim1, Namgi Kim2, Junho Ahn2,*

1 Computer Information Technology, Korea National University of Transportation, Chungju, 27469, Korea
2 Department of AI Computer Science and Engineering, Kyonggi University, Suwon, 16227, Korea

* Corresponding Author: Junho Ahn.

Computers, Materials & Continua 2024, 78(3), 3867-3889. https://doi.org/10.32604/cmc.2024.046871

Abstract

This research proposes a practical framework for automatically analyzing a product’s comprehensive functionality and security vulnerabilities, and for generating applicable guidelines based on real-world software. Existing analysis of software security vulnerabilities often focuses on specific features or modules. Such partial and arbitrary analysis makes it difficult to understand the overall security vulnerabilities of the software. The key novelty lies in overcoming the constraints of these partial approaches. The proposed framework uses data from various sources to create a comprehensive functionality profile, which facilitates the derivation of real-world security guidelines. Security guidelines are dynamically generated by associating functional security vulnerabilities with the latest Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS) scores, resulting in automated guidelines tailored to each product. These guidelines are not only practical but also applicable to real-world software, allowing for prioritized security responses. The proposed framework is applied to virtual private network (VPN) software, for which a validated Level 2 data flow diagram is generated using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) technique, with references to various papers and examples from related software. The analysis identified a total of 121 vulnerabilities. The successful implementation and validation demonstrate the framework’s efficacy in generating customized guidelines for entire systems, subsystems, and selected modules.
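The association step the abstract describes can be sketched as follows. This is an added example, not the authors' implementation: the STRIDE-per-element chart is the commonly used one and is assumed here, and the data flow diagram fragment, record IDs and scores are constructed placeholders.

```python
# Commonly used STRIDE-per-element chart (assumption; the paper's mapping may differ).
STRIDE_BY_TYPE = {
    "external_entity": {"Spoofing", "Repudiation"},
    "process": {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                "Denial of Service", "Elevation of Privilege"},
    "data_store": {"Tampering", "Repudiation", "Information Disclosure", "Denial of Service"},
    "data_flow": {"Tampering", "Information Disclosure", "Denial of Service"},
}
# Constructed DFD fragment for a VPN product: element -> (type, subsystem).
DFD = {
    "User": ("external_entity", "client"),
    "Auth process": ("process", "client"),
    "Config store": ("data_store", "client"),
    "Tunnel traffic": ("data_flow", "tunnel"),
}
# Constructed records: placeholder IDs and made-up CVSS base scores.
RECORDS = [
    ("CVE-EXAMPLE-0001", "Auth process", "Spoofing", 9.1),
    ("CVE-EXAMPLE-0002", "Auth process", "Elevation of Privilege", 7.8),
    ("CVE-EXAMPLE-0003", "Tunnel traffic", "Information Disclosure", 5.9),
    ("CVE-EXAMPLE-0004", "Config store", "Tampering", 3.3),
    ("CVE-EXAMPLE-0005", "User", "Tampering", 8.0),  # category not valid for this type
    ("CVE-EXAMPLE-0006", "Tunnel traffic", "Information Disclosure", 7.5),
]

def severity(score):
    """Qualitative rating bands from the CVSS v3.x specification."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return label
    return "None"

def prioritized_guidelines(dfd, records, subsystem=None):
    """Group records per (element, threat), keep the worst score, rank descending."""
    worst = {}
    for cve, element, threat, score in records:
        etype, sub = dfd[element]
        if subsystem is not None and sub != subsystem:
            continue  # outside the requested scope
        if threat not in STRIDE_BY_TYPE[etype]:
            continue  # mis-mapped record: threat does not apply to this element type
        entry = worst.setdefault((element, threat), {"score": 0.0, "cves": []})
        entry["score"] = max(entry["score"], score)
        entry["cves"].append(cve)
    ranked = sorted(worst.items(), key=lambda kv: kv[1]["score"], reverse=True)
    return [(el, th, v["score"], severity(v["score"]), v["cves"]) for (el, th), v in ranked]

if __name__ == "__main__":
    for row in prioritized_guidelines(DFD, RECORDS):
        print(row)
```

Passing `subsystem="tunnel"` narrows the ranking to one subsystem, mirroring the abstract's point that guidelines can be produced for a whole system, a subsystem, or a selected module.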




Copyright © 2024 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.