1

I would like to know if any of you has already read about some models that would classify a set of possible countermeasures against a family of vulnerabilities.

What I mean by a 'family of vulnerabilities' is, for example, vulnerabilities that would allow an attacker to realize a denial of service. The countermeasure to such vulnerabilities is generally the same, or at least in the same class of countermeasure. Of course, this requires a bit of abstraction and generalization, but I believe this to exist, even if I didn't find anything yet.

This could be presented in a very high-level way, such as: software vulnerabilities are solved by this kind of countermeasure and hardware vulnerabilities by that kind. Or in more in-depth ways.

STRIDE is the closest to what I am looking for so far, but there is no discussion of what countermeasure can be used against a particular threat. So if you guys know anything that is a serious track (scientific publication) or that is well used (standard?), I would appreciate some sharing :)

Ecterion

2 Answers

1

I think this might be of interest to you:

"DeTT&CT aims to assist blue teams using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours. All of which can help, in different ways, to get more resilient against attacks targeting your organisation. The DeTT&CT framework consists of a Python tool, YAML administration files, the DeTT&CT Editor and scoring tables for the different aspects."

https://github.com/rabobank-cdc/DeTTECT
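To make the "map a threat family to a countermeasure class, then score how well you actually cover it" idea concrete, here is a small added example. It is not DeTT&CT's code or its YAML format, and not from the original answer; it uses the standard STRIDE mapping (each STRIDE category violates one security property, which names the countermeasure class) and a constructed 0-5 control maturity scale of my own, applied to a constructed threat model.

```python
# Added example: pair STRIDE threat categories with their countermeasure class
# and score a system's real controls against the threats in its threat model.
# Not DeTT&CT's code or data format; the 0-5 maturity scale is constructed.
from dataclasses import dataclass

# STRIDE category -> (security property it violates = countermeasure class,
#                     illustrative controls in that class)
# The category -> property pairing is the standard STRIDE one; the control
# examples are illustrative, not an exhaustive catalogue.
STRIDE_COUNTERMEASURES = {
    "Spoofing": ("Authentication", ["mutual TLS", "MFA", "signed tokens"]),
    "Tampering": ("Integrity", ["MACs/signatures", "input validation", "immutable logs"]),
    "Repudiation": ("Non-repudiation", ["audit logging", "signed receipts"]),
    "Information disclosure": ("Confidentiality", ["encryption in transit/at rest", "access control"]),
    "Denial of service": ("Availability", ["rate limiting", "resource quotas", "redundancy"]),
    "Elevation of privilege": ("Authorization", ["least privilege", "server-side authz checks"]),
}


@dataclass(frozen=True)
class Threat:
    id: str
    category: str    # one of the STRIDE_COUNTERMEASURES keys
    component: str   # where in the system the threat was identified


@dataclass(frozen=True)
class Control:
    name: str
    countermeasure_class: str   # e.g. "Authentication"
    score: int                  # constructed scale: 0 absent .. 5 implemented and verified


def coverage(threats, controls):
    """For every STRIDE category present in `threats`, return
    {category: (required_countermeasure_class, best_control_score)}.
    The score is 0 when no control of the required class exists."""
    best = {}
    for c in controls:
        if not 0 <= c.score <= 5:
            raise ValueError(f"control {c.name!r} has score outside 0..5")
        best[c.countermeasure_class] = max(best.get(c.countermeasure_class, 0), c.score)
    result = {}
    for t in threats:
        if t.category not in STRIDE_COUNTERMEASURES:
            raise ValueError(f"threat {t.id!r} has unknown STRIDE category {t.category!r}")
        required, _examples = STRIDE_COUNTERMEASURES[t.category]
        result[t.category] = (required, best.get(required, 0))
    return result


def gaps(threats, controls, minimum=3):
    """Ids of threats whose required countermeasure class scores below `minimum`."""
    cov = coverage(threats, controls)
    return [t.id for t in threats if cov[t.category][1] < minimum]


def recommend(threat):
    """Countermeasure class and illustrative controls for one threat."""
    return STRIDE_COUNTERMEASURES[threat.category]


# Constructed sample threat model and control inventory (not real data).
SAMPLE_THREATS = [
    Threat("T1", "Spoofing", "login endpoint"),
    Threat("T2", "Denial of service", "public API"),
    Threat("T3", "Tampering", "config file"),
    Threat("T4", "Elevation of privilege", "admin panel"),
]
SAMPLE_CONTROLS = [
    Control("MFA on login", "Authentication", 4),
    Control("per-IP rate limit", "Availability", 2),
    Control("RBAC checks", "Authorization", 5),
]

if __name__ == "__main__":
    for cat, (cls, score) in coverage(SAMPLE_THREATS, SAMPLE_CONTROLS).items():
        print(f"{cat:24s} needs {cls:16s} best score {score}")
    for tid in gaps(SAMPLE_THREATS, SAMPLE_CONTROLS):
        t = next(t for t in SAMPLE_THREATS if t.id == tid)
        cls, examples = recommend(t)
        print(f"GAP {tid} ({t.component}): add {cls} control, e.g. {', '.join(examples)}")
```

The coverage table is the analogue of a DeTT&CT-style scoring view, but at the level of STRIDE categories rather than ATT&CK techniques; the gap list is where the "which countermeasure against which threat" question from the original post gets an answer the threat model can be audited against.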

0

As far as a generic classification of countermeasures can be practiced, you can follow any secure coding guidelines (such as the OWASP secure coding guideline, Reference #1) and the rest of the countermeasures will be taken care of by generic modern compilers and interpreters.

To know more about the family of vulnerability being exploited, the MITRE ATT&CK Framework looks like a great option, as it is "a very granular model of what attackers do after they break in" (Reference #2). It can provide you with the context for your vulnerability so that the developer can understand the bug and build specialized countermeasures.

Aayush