A vulnerability life cycle based security modeling and evaluation approach - LAAS - Laboratoire d'Analyse et d'Architecture des Systèmes
Journal article, The Computer Journal, Year: 2013

A vulnerability life cycle based security modeling and evaluation approach

Abstract

The objective of this work is the evaluation of information systems security using quantitative measures. These measures aim at forecasting risks and providing information to monitor the security level of the system in operation. In our approach, we take into account some environmental factors that have a significant impact on the security of the system. We have identified three such factors that are related to the vulnerability exploitation process: the vulnerability life cycle, the behavior of the attackers and the behavior of the system administrator. We have studied the interdependencies between these factors and how the evolution of these factors could impact the system security. From this study, we have defined quantitative security measures taking into account these environmental factors and we have developed a model based on Stochastic Activity Networks (SANs), describing how the vulnerability exploitation process could lead to the system being compromised. We have distinguished two scenarios according to whether the vulnerability is discovered by a malicious user or not. By analysing a vulnerability database, we have characterised the probability of occurrence of several events of the vulnerability life cycle. This characterization helped us to quantify the measures by processing the SAN model.
Main file: ComputerJournal-Hal.pdf (1.99 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-01911985 , version 1 (05-11-2018)

Cite

Géraldine Vache Marconato, Mohamed Kaâniche, Vincent Nicomette. A vulnerability life cycle based security modeling and evaluation approach. The Computer Journal, 2013, 56 (4), pp.422 - 439. ⟨10.1093/comjnl/bxs112⟩. ⟨hal-01911985⟩