Full Program
Summary:
Security evaluation remains a critical challenge in cybersecurity, especially with the growing complexity of systems like cloud and IoT environments. This paper introduces CyberHeraclius, a novel methodology for evaluating the security of modern computer networks. The process begins with automated asset mapping and the collection of public Cyber Threat Intelligence (CTI) from MITRE’s CVE, CWE, and CAPEC repositories, as well as Metasploit. To address CTI limitations—such as false positives and coverage gaps—automated penetration testing is used to verify actual vulnerabilities. The validated results feed into a Medieval Castle-based security model, which assesses system resilience based on component composition. CTI risk metrics are then integrated with the model’s aggregation formulas to quantify overall system risk. CyberHeraclius is part of the SecOPERA Platform, which supports secure continuous integration and deployment (CI/CD) pipelines for system developers.Author(s):
George Hatzivasilis
Technical University of Crete
Greece
Sotiris Ioannidis
Technical University of Crete
Greece