English

CVE representation to build attack positions graphs

Cryptography and Security 2023-12-06 v1

Abstract

In cybersecurity, CVEs (Common Vulnerabilities and Exposures) are publicly disclosed hardware or software vulnerabilities. These vulnerabilities are documented and listed in the NVD database maintained by the NIST. Knowledge of the CVEs impacting an information system provides a measure of its level of security. This article points out that these vulnerabilities should be described in greater detail to understand how they could be chained together in a complete attack scenario. This article presents the first proposal for the CAPG format, which is a method for representing a CVE vulnerability, a corresponding exploit, and associated attack positions.

Cite

@article{arxiv.2312.02585,
  title  = {CVE representation to build attack positions graphs},
  author = {Manuel Poisson and Valérie Viet Triem Tong and Gilles Guette and Frédéric Guihéry and Damien Crémilleux},
  journal= {arXiv preprint arXiv:2312.02585},
  year   = {2023}
}
R2 v1 2026-06-28T13:41:24.172Z