Effective Network Vulnerability Assessment through Model Abstraction [chapter]

Su Zhang, Xinming Ou, John Homer
2011 Lecture Notes in Computer Science  
We show that the attack graphs generated from this type of abstracted inputs are not only much smaller, but also provide more realistic quantitative vulnerability metrics for the whole system.  ...  We conducted experiments on both synthesized and production systems to demonstrate the effectiveness of our approach.  ...  For this reason, these vulnerabilities can be grouped together as a single vulnerability and an aggregate metric can be assigned as the indicator on the success likelihood of exploiting any one of them  ... 
doi:10.1007/978-3-642-22424-9_2 fatcat:6rqyp76lj5adlkazwnf2qghmuu

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis

H. Abdo, M. Kaouk, J.-M. Flaus, F. Masse
2018 Computers & security  
We then propose an approach for evaluating the risk level based on two-term likelihood parts, one for safety and one for security.  ...  The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety  ...  Acknowledgments This work is based on research supported and funded by the French National Institute for Industrial Environment and Risks (INERIS).  ... 
doi:10.1016/j.cose.2017.09.004 fatcat:gmo67auuj5e4bbdchsuga37z2m

Risk-aware decision support with constrained goal models

Nikolaos Argyropoulos, Konstantinos Angelopoulos, Haralambos Mouratidis, Andrew Fish, Steven Furnell
2018 Information and Computer Security  
Purpose - The selection of security configurations for complex information systems is a cumbersome process.  ...  The proposed approach is able to generate security mechanism configurations for multiple optimisation scenarios that are provided, whilst there are limitations in terms of a natural trade-off of information  ...  The probability of a vulnerability being exploited for the manifestation of a security attack is captured by the Likelihood attribute.  ... 
doi:10.1108/ics-01-2018-0010 fatcat:3msv6h2syjebrn7fnwkepej34a

Attack Graph-Based Risk Assessment and Optimisation Approach

Mohammed Alhomidi, Martin Reed
2014 International journal of network security and its applications  
An attack graph allows the representation of vulnerabilities, exploits and conditions for each attack in a single unifying model.  ...  The population-based strategy of a GA provides a natural way of exploring a large number of possible attack paths to find the paths that are most important.  ...  the likelihood that a vulnerability associated with vertex is exploited.  ... 
doi:10.5121/ijnsa.2014.6303 fatcat:ly3dtd2h6ncitnlyzkw7kzncsy

Attack Graph-Based Risk Assessment and Optimisation Approach

Mohammed Alhomidi, Martin Reed
2014 Journal of Internet Technology and Secured Transaction  
An attack graph allows the representation of vulnerabilities, exploits and conditions for each attack in a single unifying model.  ...  The population-based strategy of a GA provides a natural way of exploring a large number of possible attack paths to find the paths that are most important.  ...  There is a probability Pi associated with each vertex that represents the likelihood of an attacker exploiting vulnerability without considering the pre-conditions.  ... 
doi:10.20533/jitst.2046.3723.2014.0029 fatcat:s2psoitajfetbfcoo7xuclws4m

A framework for measuring the vulnerability of hosts

Karen Scarfone, Tim Grance
2008 2008 1st International Conference on Information Technology  
This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks.  ...  The framework uses a highly automatable metrics-based approach, producing rapid and consistent measurements for quantitative risk assessment and for attack and vulnerability modeling.  ...  security state of the system and the likelihood that it will be compromised within a certain period.  ... 
doi:10.1109/inftech.2008.4621610 fatcat:c7rrmjm3bvhlbaawcw6yxyoxpy

Assessing Risks and Modeling Threats in the Internet of Things [article]

Paul Griffioen, Bruno Sinopoli
2021 arXiv   pre-print
In doing so, we develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack.  ...  Due to shortcomings in these approaches and the fact that there are significant differences between the IoT and IT, we synthesize and adapt these approaches to provide a threat modeling framework that  ...  Lastly, we thank Vyas Sekar for his valuable comments on early versions of this paper.  ... 
arXiv:2110.07771v1 fatcat:kjafvn6gsnhlzaiugwmg2336eu

Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain [chapter]

Stefan Taubenberger, Jan Jürjens, Yijun Yu, Bashar Nuseibeh
2011 IFIP Advances in Information and Communication Technology  
The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of events, probabilities and impacts.  ...  In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches.  ...  Supported, in part, by the EU as part of the SecureChange project and SFI grant 03/CE2/I303_1.  ... 
doi:10.1007/978-3-642-21424-0_21 fatcat:vj452gjwq5h2bl5zdl6obbx43q

Quantifying Security Risk by Critical Network Vulnerabilities Assessment

Umesh Kumar, Chanchala Joshi
2016 International Journal of Computer Applications  
The HM measures the probability of successful exploits by estimation of impact and likelihood of the attacks, which is to quantify the degree of security strength against vulnerability exploit in a network  ...  An attacker can exploit these vulnerabilities to gain unauthorized access to the system. Hence, detection and remediation of network vulnerabilities is critical for network security.  ...  ACKNOWLEDGMENTS The authors are thankful to MP Council of Science and Technology, Bhopal, for providing support and financial grant for the research work.  ... 
doi:10.5120/ijca2016912426 fatcat:q26ovxr2cndxtd7bjqmeckc6ku

Methodologies to Develop Quantitative Risk Evaluation Metrics

Thaier Hamid, Carsten Maple, Paul Sant
2012 International Journal of Computer Applications  
The goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by  ...  We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels  ...  QUANTITATIVE RISK EVALUATION The risk is defined to be a function of the probability (likelihood) and the severity (impact) of the probable breaches on the systems.  ... 
doi:10.5120/7416-0413 fatcat:qntwblk5xregnlfg7piapvtkca

Quantitative risk assessment to enhance aeromacs security in SESAR

Mohamed Slim Ben Mahmoud, Nicolas Larrieu, Alain Pirovano
2012 2012 Integrated Communications, Navigation and Surveillance Conference  
The risk analysis is based on a new approach for network security assessment that measures quantitatively the network risk level.  ...  We specifically focus on the access network vulnerabilities, and a first network risk study is conducted for a predefined scenario.  ...  Thus, we use the likelihood of occurrence of a threat exploiting a given vulnerability on a node and its impact on that node.  ... 
doi:10.1109/icnsurv.2012.6218388 fatcat:rgaic5kp25c3jhtyjnkm5p4d5e

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model

Vitalii Yesin, Mikolaj Karpinski, Maryna Yesina, Vladyslav Vilihura, Stanislaw A. Rajba
2021 Applied Sciences  
The essence of improving the Clements–Hoffmann model is to expand it by including a set of object vulnerabilities. Vulnerability is considered as a separate objectively existing category.  ...  This makes it possible to evaluate both the likelihood of an unwanted incident and the database security as a whole more adequately.  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/app112311175 fatcat:mboj7avfhneqhbnicmkqmwjika

Risk Assessment for Airworthiness Security [chapter]

Silvia Gil Casals, Philippe Owezarski, Gilles Descargues
2012 Lecture Notes in Computer Science  
This paper gives main characteristics for a security risk assessment methodology to be integrated in the early design of airborne systems development and compliant with airworthiness security standards  ...  The era of digital avionics is opening a fabulous opportunity to improve aircraft operational functions, airline dispatch and service continuity.  ...  Similarly to the safety inductive approach of Failure Mode and Effect Analysis (FMEA), the security vulnerability assessment is a bottom-up approach: it aims at identifying potential security vulnerabilities  ... 
doi:10.1007/978-3-642-33678-2_3 fatcat:jk54wgwsjjbmvgqpj2f6eta37a

Measurement of Security Dangers in University Network

Umesh Kumar, Chanchala Joshi, Neha Gaud
2016 International Journal of Computer Applications  
The proposed model lowers the risk of security breach by supporting three phase activities; the first phase identified the threats and vulnerabilities in order to know the weak point in educational environment  ...  , the second phase focuses on the highest risk which means it prioritizes what matters most and creates an actionable remediation plan, the third phase of risk assessment model recognizes the vulnerability  ...  The authors are highly thankful to Madhya Pradesh Council of Science and Technology, Bhopal for providing financial grant and support for this research project.  ... 
doi:10.5120/ijca2016911584 fatcat:z4hry37rmnfg7cjr5dfkggbzku

Holistic Approach to Information Security Risk Management

Pratik Sawant, KPMG, India
2020 International Journal of Engineering Research and  
Risk management is a mandatory requirement of ISO 27001:2013 and ISO 22301:2012 standards and the organization going for these certifications must comply with it.  ...  Risk management activity usually precedes and helps define audit plans and facilitates the development of a corporate security plan.  ...  Elements used in risk identification were threats and vulnerabilities. Factors used for risk assessment were likelihood and impact. We have presented a quantitative view of these factors.  ... 
doi:10.17577/ijertv9is070004 fatcat:2jhtodjedbhuzisw6gtmm7aqa4