Title :
Windows of vulnerability: a case study analysis
Author :
Arbaugh, William A. ; Fithen, William L. ; McHugh, John
Author_Institution :
Dept. of Comput. Sci., Maryland Univ., College Park, MD, USA
fDate :
12/1/2000 12:00:00 AM
Abstract :
The authors propose a life cycle model for system vulnerabilities, then apply it to three case studies to reveal how systems often remain vulnerable long after security fixes are available. For each case, we provide background information about the vulnerability, such as how attackers exploited it and which systems were affected. We then tie the case to the life-cycle model by identifying the dates for each state within the model. Finally, we use a histogram of reported intrusions to show the life of the vulnerability, and we conclude with an analysis specific to the particular vulnerability.
Keywords :
fault tolerant computing; security of data; attackers; case studies; case study analysis; histogram; life cycle model; reported intrusions; security fixes; system vulnerabilities; Acceleration; Automation; Communication system security; Computer aided software engineering; Computer errors; Computer security; Information analysis; Information security; Information technology; Organisms;
