A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit <a rel="external noopener" href="http://pdfs.semanticscholar.org/ab4c/1a85313fc9657ac550c3c64edf223f1a29a2.pdf">the original URL</a>. The file type is <code>application/pdf</code>.
<i title="Springer International Publishing">
<a target="_blank" rel="noopener" href="https://fatcat.wiki/container/2w3awgokqne6te4nvlofavy5a4" style="color: black;">Lecture Notes in Computer Science</a>
Software systems are invariably vulnerable to exploits, thus the need to assess their security in order to quantify the associated risk their usage entails. However, existing vulnerability assessment approaches, e.g., vulnerability analyzers, have two major constraints: (a) they need the system to be already deployed to perform the analysis and (b) they do not consider the criticality of the system within the business processes of the organization. As a result, many users, in particular small and medium-sized enterprises, are often unaware of the actual technical and economic impact of vulnerability exploits in their own organizations before the system's actual deployment. Drawing upon threat modeling techniques (i.e., attack trees), we propose a user-centric methodology to quantitatively perform a software configuration's security assessment based on (i) the expected economic impact associated with compromising the system's security goals and (ii) a method to rank available configurations with respect to security. This paper demonstrates the feasibility and usefulness of our approach in a real-world case study based on the Amazon EC2 service. Over 2000 publicly available Amazon Machine Images are analyzed and ranked with respect to a specific business profile, before deployment in Amazon's Cloud.<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-319-04897-0_13">doi:10.1007/978-3-319-04897-0_13</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/kcj6ccrofvekpbj2iusxmzpayu">fatcat:kcj6ccrofvekpbj2iusxmzpayu</a> </span>