Title :
Identifying Potentially-Impacted Area by Vulnerabilities in Networked Systems Using CVSS
Author :
Harada, Toshiki ; Kanaoka, Akira ; Okamoto, Eiji ; Kato, Masahiko
Author_Institution :
Grad. Sch. of Syst. Inf. Eng. Dept., Univ. of Tsukuba, Tsukuba, Japan
Abstract :
CVSS (Common Vulnerability Scoring System) is a framework scoring IT vulnerabilities. CVSS is composed of three metric groups: Base, Temporal, and Environmental. Although, the environmental score which gives risk of vulnerabilities in network environment of each user should be used for prioritizing actions, only base score is currently used. One of the reason for unused of environmental score is hard to score uniquely, because the criterion for determining ”Target Distribution (TD),” which is a parameter indicating impacted proportion, is vague. We propose a method for identifying the potentially-impacted area enabling TD measurement in networked systems in terms of three security objectives: confidentiality, integrity and availability. We also apply the method to some model cases of networked systems, and assess their TD. The results correspond to a popular wisdom that trilayer structure is more secure.
Keywords :
authorisation; computer network security; data integrity; CVSS; common vulnerability scoring system; environmental score; networked system; potentially impacted area; target distribution; trilayer structure; Availability; Computational modeling; Computers; Databases; Internet; Measurement; Security; CVSS; cloud computing; environmental score; network model;
Conference_Titel :
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-7526-1
Electronic_ISBN :
978-0-7695-4107-5
DOI :
10.1109/SAINT.2010.105
