  • DocumentCode
    2804191
  • Title
    A framework for measuring the vulnerability of hosts
  • Author
    Scarfone, Karen ; Grance, Tim
  • Author_Institution
    Nat. Inst. of Stand. & Technol., Washington, DC
  • fYear
    2008
  • fDate
    18-21 May 2008
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually constructed models, and most approaches have examined software flaws only, not other vulnerabilities such as software misconfiguration and software feature misuse. The framework uses a highly automatable metrics-based approach, producing rapid and consistent measurements for quantitative risk assessment and for attack and vulnerability modeling. In this paper, we propose the framework and its components and describe the work needed to implement them.
  • Keywords
    risk management; software metrics; software reliability; automatable metric-based approach; host vulnerability measurement; quantitative risk assessment; software feature misuse; software flaw; software misconfiguration; vulnerability modeling; Automatic generation control; Best practices; Character generation; Current measurement; Data security; Information technology; NIST; National security; Risk analysis; Risk management;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Technology, 2008. IT 2008. 1st International Conference on
  • Conference_Location
    Gdansk
  • Print_ISBN
    978-1-4244-2244-9
  • Electronic_ISBN
    978-1-4244-2245-6
  • Type
    conf
  • DOI
    10.1109/INFTECH.2008.4621610
  • Filename
    4621610