http://yadda.icm.edu.pl:80/baztech/element/bwmeta1.element.baztech-b8b5732c-d6e7-45a7-818d-4ea3499da78d

Journal

International Journal of Electronics and Telecommunications

Article title

Trust and Risk Assessment Model of Popular Software Based on Known Vulnerabilities

Authors Janiszewski, M.  Felkner, A.  Olszak, J. 
Publication languages EN
Abstracts
EN This paper presents a new concept of an approach to risk assessment which can be carried out on the basis of publicly available information about vulnerabilities. The presented approach also uses the notion of trust and implements many concepts used in so-called trust and reputation management systems (which are widely used in WSN, MANET or P2P networks, but also in e-commerce platforms). The article shows the first outcomes obtained from the presented model. The outcomes demonstrate that the model can be implemented in a real system to make software management a more quantified and objective process, which can have a real and beneficial impact on institutional security. In the article, however, the emphasis was placed not on the model itself (which can be easily changed) but on the possibility of finding useful information about vulnerabilities.
Keywords
EN software vulnerabilities   risk assessment   software management   trust management models   reputation management models   0-day vulnerabilities forecast   risk of information systems   prediction model  
Publisher Polish Academy of Sciences, Committee of Electronics and Telecommunication
Journal International Journal of Electronics and Telecommunications
Year 2017
Volume Vol. 63, No. 3
Pages 329--336
Physical description Bibliography: 24 items, tables
Contributors
author Janiszewski, M.
  • NASK - Research and Academic Computer Network, Kolska 12, Warsaw, Poland, marek.janiszewski@nask.pl
  • Institute of Telecommunication, Warsaw University of Technology, Nowowiejska 15/19, Warsaw, Poland
author Felkner, A.
author Olszak, J.
Notes
Prepared with funds from the Ministry of Science and Higher Education (MNiSW) under agreement 812/P-DUN/2016 for science dissemination activities (2017 tasks).
Collection BazTech
YADDA identifier bwmeta1.element.baztech-b8b5732c-d6e7-45a7-818d-4ea3499da78d
Identifiers
DOI 10.1515/eletel-2017-0044