论文信息 - A framework for measuring the vulnerability of hosts

A framework for measuring the vulnerability of hosts

This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually constructed models, and most approaches have examined software flaws only, not other vulnerabilities such as software misconfiguration and software feature misuse. The framework uses a highly automatable metrics-based approach, producing rapid and consistent measurements for quantitative risk assessment and for attack and vulnerability modeling. In this paper, we propose the framework and its components and describe the work needed to implement them.

K. Scarfone | T. Grance

[1] David John Leversage,et al. Estimating a System's Mean Time-to-Compromise , 2008, IEEE Security & Privacy.

[2] Svein J. Knapskog,et al. A Framework for Predicting Security and Dependability Measures in Real-time , 2007 .

[3] Ehab Al-Shaer,et al. Vulnerability analysis For evaluating quality of protection of security policies , 2006, QoP '06.

[4] Marco Domenico Aime,et al. AMBRA: automated model-based risk analysis , 2007, QoP '07.

[5] Richard P. Lippmann,et al. An Annotated Review of Past Papers on Attack Graphs , 2005 .

[6] Karen A. Scarfone,et al. A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST , 2007 .

[7] Indrajit Ray,et al. Optimal security hardening using multi-objective optimization on attack tree models of networks , 2007, CCS '07.