Vulnerability Analysis in VGBPS Using Prolog.

Authors :
Hutchison, David
Kanade, Takeo
Kittler, Josef
Kleinberg, Jon M.
Mattern, Friedemann
Mitchell, John C.
Naor, Moni
Nierstrasz, Oscar
Pandu Rangan, C.
Steffen, Bernhard
Sudan, Madhu
Terzopoulos, Demetri
Tygar, Doug
Vardi, Moshe Y.
Weikum, Gerhard
Arbab, Farhad
Sirjani, Marjan
Rafiei, Mohammad Ebrahim
Taherian, Mohsen
Mousavi, Hamid
Source :
International Symposium on Fundamentals of Software Engineering; 2007, p404-411, 8p
Publication Year :
2007

Abstract

Vulnerabilities are now part of all software systems. To handle vulnerabilities, many approaches have been proposed till now. Many of these approaches try to analyze vulnerabilities based on model checking techniques. However, the models used in these approaches handle authorized and unauthorized rules separately. This basically results in weaker modeling abilities and consequently weaker vulnerability analysis. By authorized and unauthorized rules, we mean those emanating from the access control model and those originating from vulnerabilities, respectively. Currently, a new general graph-based protection system concentrating on vulnerabilities called VGBPS is proposed to overcome the mentioned problem. VGBPS combines vulnerabilities and their related rules in an access control system, in a way that no extra effort is needed to handle them. In contrast, vulnerability analysis in this model can be done by answering the safety problem. Using this model, we propose a new approach for vulnerability analysis based on the Prolog inference engine. In this approach, we show how to express the modeling graph and rule set of a VGBPS model using Prolog facts and rules. The safety problem is also defined by Prolog rules. Finally, we use the Prolog inference engine to answer the safety problem, which is the base of vulnerability analysis in VGBPS. We provide a case study to show how this approach can help us find possible exploits of a specific configuration in a system. Using Prolog, we can also find all possible scenarios of these exploits, which can be used in many security analyses. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISBNs :
9783540756972
Database :
Complementary Index
Journal :
International Symposium on Fundamentals of Software Engineering
Publication Type :
Book
Accession number :
33083408
Full Text :
https://doi.org/10.1007/978-3-540-75698-9_28