• DocumentCode
    495598
  • Title

    Automated Risk Assessment for Sources and Targets of Vulnerability Exploitation

  • Author

    Rasheed, Hassan ; Chow, Randy Y C

  • Author_Institution
    Dept. of Comput. & Inf. Sci. & Eng., Univ. of Florida, Gainesville, FL, USA
  • Volume
    1
  • fYear
    2009
  • fDate
    March 31 2009-April 2 2009
  • Firstpage
    150
  • Lastpage
    154
  • Abstract
    We extend existing work on security metrics by proposing a method to monitor the state of system entities in real-time. The primary focus is assessing the risk to and from access control request sources and targets. This process is critical in building effective dynamic access control methods that utilize assessment data for policy enforcement. Information on vulnerability exploitation attempts is used to derive risk assessments for entities in the system. To validate the approach, we demonstrate the use of our assessment method on analyzing the sources and targets in a widely used intrusion detection data set.
  • Keywords
    authorisation; risk management; automated risk assessment; dynamic access control method; intrusion detection; security metrics; system vulnerability exploitation; Access control; Computer science; Computer security; Computerized monitoring; Data security; Humans; Information science; Information security; Intrusion detection; Risk management; Risk Metrics; Vulnerability Assessment;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science and Information Engineering, 2009 WRI World Congress on
  • Conference_Location
    Los Angeles, CA
  • Print_ISBN
    978-0-7695-3507-4
  • Type

    conf

  • DOI
    10.1109/CSIE.2009.947
  • Filename
    5171152
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=495598