An Attack Surface Metric
暂无分享,去创建一个
[1] Steve Lipner,et al. Security development lifecycle , 2010, Datenschutz und Datensicherheit - DuD.
[2] Sushil Jajodia,et al. Measuring the Overall Security of Network Configurations Using Attack Graphs , 2007, DBSec.
[3] D. Campbell,et al. Convergent and discriminant validation by the multitrait-multimethod matrix. , 1959, Psychological bulletin.
[4] John McHugh. Quality of protection: measuring the unmeasurable? , 2006, QoP '06.
[5] Horst Zuse,et al. Support of Experimentation by Measurement Theory , 1992, Experimental Software Engineering Issues.
[6] Vassilis Prevelakis,et al. Characterizing the 'security vulnerability likelihood' of software functions , 2003, International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings..
[7] Crispin Cowan,et al. Timing the Application of Security Patches for Optimal Uptime , 2002, LISA.
[8] L. Briand,et al. Theoretical and Empirical Validation of Software Product Measures , 1995 .
[9] James D. Wright,et al. Handbook of Survey Research. , 1985 .
[10] Jeannette M. Wing,et al. Measuring a System's Attack Surface , 2004 .
[11] Bharat B. Madan,et al. A method for modeling and quantifying the security attributes of intrusion tolerant systems , 2004, Perform. Evaluation.
[12] R. Likert. “Technique for the Measurement of Attitudes, A” , 2022, The SAGE Encyclopedia of Research Design.
[13] Elaine J. Weyuker,et al. Comments on "Toward a Framework for Software Measurement Validation" , 1997, IEEE Trans. Software Eng..
[14] Albert L. Baker,et al. A mathematical perspective for software measures research , 1990, Softw. Eng. J..
[15] Mark Sullivan,et al. Software defects and their impact on system availability-a study of field failures in operating systems , 1991, [1991] Digest of Papers. Fault-Tolerant Computing: The Twenty-First International Symposium.
[16] Rayford B. Vaughn,et al. Information assurance measures and metrics - state of practice and proposed taxonomy , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.
[17] Joseph A. C. Delaney. Sensitivity analysis , 2018, The African Continental Free Trade Area: Economic and Distributional Effects.
[18] Victor R. Basili,et al. Validation on an Approach for Improving Existing Measurement Frameworks , 2000, IEEE Trans. Software Eng..
[19] Yukio Miyazaki,et al. COCOMO evaluation and tailoring , 1985, ICSE '85.
[20] Y. Haimes. Risk Modeling, Assessment, and Management: Haimes/Risk Modeling, Assessment 2e , 2005 .
[21] David A. Wagner,et al. Setuid Demystified , 2002, USENIX Security Symposium.
[22] Frank Swiderski,et al. Threat Modeling , 2018, Hacking Connected Cars.
[23] David F. Bacon,et al. Fast static analysis of C++ virtual function calls , 1996, OOPSLA '96.
[24] Miles A. McQueen,et al. Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).
[25] Keith W. Miller,et al. Defining an adaptive software security metric from a dynamic software failure tolerance measure , 1996, Proceedings of 11th Annual Conference on Computer Assurance. COMPASS '96.
[26] Gary McGraw,et al. From the Ground Up: The DIMACS Software Security Workshop , 2003, IEEE Secur. Priv..
[27] David M. Nicol. Modeling and Simulation in Security Evaluation , 2005, IEEE Secur. Priv..
[28] Elaine J. Weyuker,et al. Evaluating Software Complexity Measures , 2010, IEEE Trans. Software Eng..
[29] Marc Dacier,et al. Privilege Graph: an Extension to the Typed Access Matrix Model , 1994, ESORICS.
[30] Shawn A. Butler. Security attribute evaluation method: a cost-benefit approach , 2002, ICSE '02.
[31] William A. Arbaugh,et al. A trend analysis of exploitations , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.
[32] Sushil Jajodia,et al. A weakest-adversary security metric for network configuration security analysis , 2006, QoP '06.
[33] Воробьев Антон Александрович. Анализ уязвимостей вычислительных систем на основе алгебраических структур и потоков данных National Vulnerability Database , 2013 .
[34] David Wright,et al. Towards Operational Measures of Computer Security , 1993, J. Comput. Secur..
[35] Shari Lawrence Pfleeger,et al. Reply to: Comments on "Toward a Framework for Software Measurement Validation" , 1997, IEEE Trans. Software Eng..
[36] Norman F. Schneidewind,et al. Methodology For Validating Software Metrics , 1992, IEEE Trans. Software Eng..
[37] Jeannette M. Wing,et al. Report: Measuring the Attack Surfaces of Enterprise Software , 2009, ESSoS.
[38] Yanguo Michael Liu. Properties for Security Measures of Software Products , 2007 .
[39] Sushil Jajodia,et al. An Attack Graph-Based Probabilistic Security Metric , 2008, DBSec.
[40] Jim Alves-Foss,et al. Assessing computer security vulnerability , 1995, OPSR.
[41] Michael Howard,et al. Measuring Relative Attack Surfaces , 2005 .
[42] Linda A. Macaulay,et al. A Rule-Based Approach to Developing Software Development Prediction Models , 1998, Automated Software Engineering.
[43] M WingJeannette,et al. An Attack Surface Metric , 2011 .
[44] Miles A. McQueen,et al. Time-to-Compromise Model for Cyber Risk Reduction Estimation , 2006, Quality of Protection.
[45] Mark R. Crispin. Internet Message Access Protocol - Version 4rev1 , 1996, RFC.
[46] YangJunfeng,et al. An empirical study of operating systems errors , 2001 .
[47] Shari Lawrence Pfleeger,et al. Towards a Framework for Software Measurement Validation , 1995, IEEE Trans. Software Eng..
[48] Ravishankar K. Iyer,et al. Faults, symptoms, and software fault tolerance in the Tandem GUARDIAN90 operating system , 1993, FTCS-23 The Twenty-Third International Symposium on Fault-Tolerant Computing.
[49] Michael D. Smith,et al. Computer security strength and risk: a quantitative approach , 2004 .
[50] T. Olovsson,et al. On measurement of operational security , 1994, IEEE Aerospace and Electronic Systems Magazine.
[51] Shin Ta Liu,et al. Risk Modeling, Assessment, and Management , 1999, Technometrics.
[52] Chris F. Kemerer,et al. An empirical validation of software cost estimation models , 1987, CACM.
[53] Bharat B. Madan,et al. Modeling and quantification of security attributes of software systems , 2002, Proceedings International Conference on Dependable Systems and Networks.
[54] Nancy A. Lynch,et al. An introduction to input/output automata , 1989 .
[55] Jeffrey M. Wooldridge,et al. Solutions Manual and Supplementary Materials for Econometric Analysis of Cross Section and Panel Data , 2003 .
[56] Norman E. Fenton,et al. A Critique of Software Defect Prediction Models , 1999, IEEE Trans. Software Eng..
[57] Atanas Rountev,et al. Building a whole-program type analysis in Eclipse , 2005, eclipse '05.
[58] David John Leversage,et al. Estimating a System's Mean Time-to-Compromise , 2008, IEEE Security & Privacy.
[59] Thomas J. Bouchard,et al. Unobtrusive Measures , 1976 .
[60] R Day,et al. The eclipse open-development platform , 2008 .
[61] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[62] Dawson R. Engler,et al. EXE: automatically generating inputs of death , 2006, CCS '06.
[63] Jim Gray,et al. A census of Tandem system availability between 1985 and 1990 , 1990 .
[64] Feiyi Wang,et al. SITAR: a scalable intrusion-tolerant architecture for distributed services , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].
[65] Sushil Jajodia,et al. Toward measuring network security using attack graphs , 2007, QoP '07.
[66] G NeumannPeter,et al. Toward a safer and more secure cyberspace , 2007 .
[67] Jan Vitek,et al. Vulnerability likelihood: a probabilistic approach to software assurance , 2005 .
[68] V. Rich. Personal communication , 1989, Nature.
[69] Shari Lawrence Pfleeger,et al. Software Metrics : A Rigorous and Practical Approach , 1998 .
[70] Rodolphe Ortalo,et al. Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..
[71] Michael E. Fagan. Design and Code Inspections to Reduce Errors in Program Development , 1976, IBM Syst. J..
[72] David Wright,et al. Towards Operational Measures of Computer Security: Concepts , 1995 .
[73] P. V. Marsden,et al. Handbook of Survey Research , 1985 .
[74] W. Shadish,et al. Experimental and Quasi-Experimental Designs for Generalized Causal Inference , 2001 .
[75] Arlene Fink,et al. How to Conduct Surveys: A Step-by-Step Guide. Sixth Edition. , 1985 .
[76] Steven M. Bellovin. On the Brittleness of Software and the Infeasibility of Security Metrics , 2006, IEEE Security & Privacy Magazine.
[77] Michael Yanguo Liu. Quantitative security analysis for service-oriented software architectures , 2008 .