Vulnerability Identification on GNU/Linux Operating Systems through Case-Based Reasoning

Abstract

Operating system security has been steadily evolving over the years. Several mechanisms, softwares and guides of best practices of configuration have been developed to contribute with the security of such systems. The process that makes an operating system safer by considering the default level obtained at the installation is known as hardening. Experience and technical knowledge are important attributes for the professional performing this process. In this context, automated rule-based tools are often used to assist professionals with little experience in vulnerability identification activities. However, the use of rules establishes a dependency on developers for the development of new rules as well as to keep them updated. Failure to update rules can significantly compromise the integrity of vulnerability identification results. In this paper, the Case-Based Reasoning (CBR) technique is used to improve tools that assist inexperienced professionals in conducting vulnerability identification activities. The purpose of using CBR is to make inexperienced professionals obtain similar results as experienced professionals. In addition, the dependence on rule developers is diminished. A prototype was developed considering the GNU/Linux system in order to carry out an experimental evaluation. This evaluation demonstrated that the application of CBR improves the performance of inexperienced professionals in terms of the number of identified vulnerabilities.