2.50
Hdl Handle:
http://hdl.handle.net/10547/279153
Title:
Methodologies to develop quantitative risk evaluation metrics
Authors:
Hamid, Thaier; Maple, Carsten; Sant, Paul
Abstract:
The goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.
Citation:
Thaier Hamid, Carsten Maple and Paul Sant, (2012) 'Methodologies to Develop Quantitative Risk Evaluation Metrics' 48 (14):17-24 International Journal of Computer Applications
Publisher:
FCS - Foundation of Computer Science, USA
Journal:
International Journal of Computer Applications
Issue Date:
2012
URI:
http://hdl.handle.net/10547/279153
DOI:
10.5120/7416-0413
Additional Links:
http://research.ijcaonline.org/volume48/number14/pxc3880413.pdf
Type:
Article
Language:
en
ISSN:
0975-8887
Appears in Collections:
Centre for Research in Distributed Technologies (CREDIT)

Full metadata record

DC FieldValue Language
dc.contributor.authorHamid, Thaieren_GB
dc.contributor.authorMaple, Carstenen_GB
dc.contributor.authorSant, Paulen_GB
dc.date.accessioned2013-04-07T16:07:35Z-
dc.date.available2013-04-07T16:07:35Z-
dc.date.issued2012-
dc.identifier.citationThaier Hamid, Carsten Maple and Paul Sant, (2012) 'Methodologies to Develop Quantitative Risk Evaluation Metrics' 48 (14):17-24 International Journal of Computer Applicationsen_GB
dc.identifier.issn0975-8887-
dc.identifier.doi10.5120/7416-0413-
dc.identifier.urihttp://hdl.handle.net/10547/279153-
dc.description.abstractThe goal of this work is to advance a new methodology to measure a severity cost for each host using the Common Vulnerability Scoring System (CVSS) based on base, temporal and environmental metrics by combining related sub-scores to produce a unique severity cost by modeling the problem's parameters in to a mathematical framework. We build our own CVSS Calculator using our equations to simplify the calculations of the vulnerabilities scores and to benchmark with other models. We design and develop a new approach to represent the cost assigned to each host by dividing the scores of the vulnerabilities to two main levels of privileges, user and root, and we classify these levels into operational levels to identify and calculate the severity cost of multi steps vulnerabilities. Finally we implement our framework on a simple network, using Nessus scanner as tool to discover known vulnerabilities and to implement the results to build and represent our cost centric attack graph.en_GB
dc.language.isoenen
dc.publisherFCS - Foundation of Computer Science, USAen_GB
dc.relation.urlhttp://research.ijcaonline.org/volume48/number14/pxc3880413.pdfen_GB
dc.rightsArchived with thanks to International Journal of Computer Applicationsen_GB
dc.subjectquantifying securityen_GB
dc.subjectCvssv2en_GB
dc.titleMethodologies to develop quantitative risk evaluation metricsen
dc.typeArticleen
dc.identifier.journalInternational Journal of Computer Applicationsen_GB
This item is licensed under a Creative Commons License
Creative Commons
All Items in UOBREP are protected by copyright, with all rights reserved, unless otherwise indicated.