The frequent occurrence of cybersecurity breaches substantially constrains the growth of network infrastructures, leading to compromised data, financial losses, potential harm to individuals, and disruption of essential services. The current security landscape urgently demands a holistic security assessment solution that combines vulnerability analysis with an investigation of how those vulnerabilities can be chained into attack paths. In this paper, we propose Graphene, a system designed to provide a detailed analysis of the security posture of computing infrastructures. Using user-provided information, such as device details and software versions, Graphene performs a comprehensive security assessment. This assessment includes identifying the associated vulnerabilities and constructing the potential attack graphs that adversaries could exploit. Graphene then evaluates the exploitability of these attack paths and quantifies the overall security posture through a scoring mechanism. The system takes a holistic approach by analyzing security layers encompassing hardware, system, network, and cryptography. It also examines the interconnections between these layers, exploring how a vulnerability in one layer can be leveraged to exploit vulnerabilities in others. In this paper, we present the end-to-end pipeline implemented in Graphene, showcasing the systematic approach adopted for conducting this thorough security analysis.
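As an added illustration of the pipeline stages the abstract names (vulnerabilities on layered assets, attack-graph construction, path exploitability, posture score), the following Python is example code written for this page, not Graphene's own implementation; the inventory, the exploitability values, the independence assumptions and the noisy-or posture formula are all constructed assumptions.

```python
import math

# Constructed inventory (not Graphene's own data): one vulnerability per node,
# tagged with its security layer and an assumed exploitability probability.
NODES = {
    "net:weak-tls-config":  {"layer": "network",      "exploitability": 0.7},
    "crypto:legacy-cipher": {"layer": "cryptography", "exploitability": 0.5},
    "sys:outdated-kernel":  {"layer": "system",       "exploitability": 0.6},
    "hw:debug-port-open":   {"layer": "hardware",     "exploitability": 0.3},
}
# Edge A -> B: exploiting A grants the access needed to attempt B. Edges whose
# endpoints lie on different layers are the cross-layer interconnections.
EDGES = {
    "net:weak-tls-config":  ["crypto:legacy-cipher"],
    "crypto:legacy-cipher": ["sys:outdated-kernel"],
    "hw:debug-port-open":   ["sys:outdated-kernel"],
    "sys:outdated-kernel":  [],
}
ENTRY_POINTS = ["net:weak-tls-config", "hw:debug-port-open"]  # externally reachable
TARGET = "sys:outdated-kernel"  # asset whose compromise the posture score measures

def attack_paths(entries, target):
    """Enumerate cycle-free paths from any entry node to the target."""
    found = []
    def walk(node, path):
        if node == target:
            found.append(path)
            return
        for nxt in EDGES.get(node, []):
            if nxt not in path:  # never revisit a node, so no cycles
                walk(nxt, path + [nxt])
    for entry in entries:
        walk(entry, [entry])
    return found

def path_exploitability(path):
    """Assumed model: independent steps, so the path's chance is their product."""
    return math.prod(NODES[n]["exploitability"] for n in path)

def layers_crossed(path):
    """Security layers traversed in order, consecutive repeats collapsed."""
    layers = [NODES[n]["layer"] for n in path]
    return [l for i, l in enumerate(layers) if i == 0 or layers[i - 1] != l]

def posture_score(paths):
    """0..100, higher is better: 100 * P(no path succeeds), paths assumed independent."""
    return round(100.0 * math.prod(1.0 - path_exploitability(p) for p in paths), 2)
```

Reading the output as a defender: the path that crosses from the network layer through cryptography into the system layer has a higher success probability than the hardware entry, so hardening the TLS configuration removes the dominant path and raises the posture score the most.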