论文信息 - The Remedy Dimension of Vulnerability Analysis

The Remedy Dimension of Vulnerability Analysis

This work is aimed at supporting system and information owners in their mission to apply a proper remedy when a security flaw is discovered during system operation. A broad analysis of the different aspects of flaw remediation has resulted in a structured taxonomy that will guide the system and information owners through the remedy identification process. The information produced in the process will help to make decisions about changes to the system or procedures. A selected vulnerability that was able to be removed using three different remedies is used as an example.

Erland Jonsson | Ulf Lindqvist | Per Kaijser

[1] Simson L. Garfinkel,et al. Practical UNIX and Internet Security , 1996 .

[2] J. Davenport. Editor , 1960 .

[3] Peter G. Neumann,et al. Architectures and Formal Representations for Secure Systems , 1995 .

[4] Eugene H. Spafford,et al. Use of A Taxonomy of Security Faults , 1996 .

[5] Erland Jonsson,et al. How to systematically classify computer security intrusions , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[6] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[7] Carl E. Landwehr,et al. Formal Models for Computer Security , 1981, CSUR.

[8] Carl E. Landwehr,et al. A taxonomy of computer program security flaws , 1993, CSUR.

[9] Hermann Kopetz,et al. Dependability: Basic Concepts and Terminology , 1992 .

[10] Harold Joseph Highland,et al. Contingency planning: What to do when bad things happen to good systems: Jay. J. Kahn and Marshall D. Abrams, The MITRE Corp., McLean, VA, USA , 1995 .

[11] Marvin V. Zelkowitz,et al. Striving for correctness , 1995, Comput. Secur..