, Open Security Foundation, Open source vulnerability database
, Trusted computer security evaluation criteria, 1985.
, Information technology security evaluation criteria, European Communities, 1991.
, Common criteria for information technology security evaluation, 1996.
, Model-based evaluation: from dependability to security, IEEE Trans. Dependable Secure Comput, vol.1, pp.48-65, 2004.
, Experimenting with quantitative evaluation tools for monitoring operational security, IEEE Trans. Softw. Eng, vol.25, pp.633-650, 1999.
, Environment Characterization and System Modeling Approach for the Quantitative Evaluation of Security, Proc. 28th Int. Conf. on Computer Safety, Reliability and Security, pp.89-102, 2009.
, Vulnerability Analysis for a Quantitative Security Evaluation, Proc. Int. Symp. on Empirical Software Engineering and Measurement, pp.526-534, 2009.
DOI : 10.1109/esem.2009.5315969
, A quantitative model of the security intrusion process based on attacker behavior, IEEE Trans. Softw. Eng, vol.23, pp.235-245, 1997.
, Vers une évaluation quantitative de la sécurité informatique, 1994.
, Models and Tools for Quantitative Assessment of Operational Security. Information Systems Security: Facing the Information Society of the 21st Century, pp.177-186, 1996.
DOI : 10.1007/978-1-5041-2919-0_15
, Scenario graphs and attack graphs, 2004.
, Two Formal Analyses of Attack Graphs, Proc. 15th IEEE Computer Security Foundations Workshop, pp.49-63, 2002.
DOI : 10.1109/csfw.2002.1021806
URL : http://www.cs.cmu.edu/%7Ewing/publications/Jha-Wing02.pdf
, Computer-Attack Graph Generation Tool, Proc. DARPA Information Survivability Conf. & Exposition II, pp.307-321, 2001.
DOI : 10.1109/discex.2001.932182
, An Attack Graph-Based Probabilistic Security Metric, Proc. 22nd annual IFIP WG 11.3 Working Conf. on & Data and Applications Security, pp.283-296, 2008.
DOI : 10.1007/978-3-540-70567-3_22
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-540-70567-3_22.pdf
, Extending Attack GraphBased Security Metrics and Aggregating Their Applica-tion, IEEE Transactions on Dependable and Secure Com-puting, vol.99, pp.1545-5971, 2010.
DOI : 10.1109/tdsc.2010.61
URL : http://www.cs.purdue.edu/homes/bb/ExtendingAttackGraph.pdf
,
, Measuring Security Risk of Networks Using Attack Graphs, Int. J. NextGener. Comput, vol.1, pp.135-147, 2010.
, Foundations of Attack Trees. Information Security and Cryptology-ICISC 2005, vol.3935, pp.186-198, 2005.
, On Fasta nd Approximate Attack Tree Computations, Proc. 6th Int. Conf. on Information Security Practice and Experience, ISPEC 2010, vol.6047, pp.56-66, 2010.
, Modeling security threats. Dr Dobb's Journal, 1999.
, Foundations of Attack-Defense Trees, Proc. Formal Aspects of Security and Trust (FAST 2010), vol.6561, pp.80-95, 2011.
, Assessing the Risk of Using Vulnerable Components. Quality of Protection, pp.65-77, 2006.
, A complete guide to the Common Vulnerability Scoring System Version 2
, Windows of vulnerability: a case study analysis, Computer, vol.33, pp.52-59, 2000.
, Is finding security holes a good idea?, IEEE Secur. Priv, vol.3, pp.14-19, 2005.
, Security Econometrics-The Dynamics of (In)Security. Eth zurich, PhD dissertation, 2009.
, Measuring Network Security Using Bayesian Network-Based Attack Graphs, Proc. 32nd Annual IEEE Int. Computer Software and Applications (COMPSAC'08), pp.698-703, 2008.
, Using Bayesian Networks for Cyber Security Analysis, 2010.
, Conf. on Dependable Systems and Networks (DSN-2010), pp.211-220
, A Method of Security Evaluation based on Fuzzy Mathematics, Proc. Int. Conf. on Apperceiving Computing and Intelligence Analysis, pp.106-109, 2008.
, RRE: A Game-Theoretic Intrusion Response and Recovery Engine, Proc. 2009 IEEE/IFIP Int. Conf. on Dependable Systems and Networks (DSN-2009), pp.439-448, 2009.
, Dealing with software viruses: a biological paradigm, Inf. Sec. Tech. Rep, vol.12, pp.242-250, 2007.
, Modeling and simulation study of the propagation and defense of Internet E-mail Worms, IEEE Trans. Dependable Secure Comput, vol.4, pp.105-118, 2007.
, The Development of Meaningful Hacker Taxonomy: A Two Dimensional Approach, 2005.
, A two-dimensional circumplex approach to the development of a hacker taxonomy, Digital Invest, vol.3, pp.97-102, 2006.
, Lessons Learned from the Deployment of a HighInteraction Honeypot. EDCC'06: Proc. 6th European, p.1200, 2006.
URL : https://hal.archives-ouvertes.fr/hal-00140355
, Dependable Computing Conf, pp.39-46
, Stochastic Activity Networks: Formal Definitions and Concepts. Lectures on Formal Methods and Performance Analysis: First EEF/Euro Summer School on Trends in Computer Science, pp.315-343, 2002.
, The Möbius framework and its implementation, IEEE Trans. Softw. Eng, vol.28, pp.956-969, 2002.
, Impact of Vulnerability Disclosure and Patch Availabilityan Empirical Analysis, 2004.
, Large1215 Scale Vulnerability Analysis. LSAD'06: Proc. 2006 SIGCOMM Workshop on Large-Scale Attack Defense, pp.131-138, 2006.
, Milkor Wine: Does Software Security Improve with Age? USENIX-SS'06: Proc. 15th Conf. on USENIX Security Symp, 2006.
, Symantec global internet security threat report, vol.17, 2011.
, Ibm internet security systems x-force 2008 trend & risk report, IBM Global Technology Services, 2009.
, Security Focus. Security focus vulnerability database
, Secunia vulnerability database
, Probability of Attack Based on System Vulnerability Life Cycle. ISECS'08: Proc, Int. Symp. on Electronic Commerce and Security, pp.531-535, 2008.
DOI : 10.1109/isecs.2008.212
, The choice of a class interval, J. Am. Stat. Assoc, vol.21, pp.65-66, 1926.
, The easyfit tool
, Cyber Attack Modeling and Simulation for Network Security Analysis. WSC'07: Proc. 39th Conf. on Winter Simulation, pp.1180-1188, 2007.
DOI : 10.1109/wsc.2007.4419720
URL : http://www.informs-sim.org/wsc07papers/139.pdf
, Time-to-Compromise Model for Cyber Risk Reduction Estimation, Quality of Protection, pp.49-64, 2006.
, Requirements for information security management systems, 2005.
, Code of practice for information security management, 2005.