Title :
A framework for measuring the vulnerability of hosts
Author :
Scarfone, Karen ; Grance, Tim
Author_Institution :
Nat. Inst. of Stand. & Technol., Washington, DC
Abstract :
This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually constructed models, and most approaches have examined software flaws only, not other vulnerabilities such as software misconfiguration and software feature misuse. The framework uses a highly automatable metrics-based approach, producing rapid and consistent measurements for quantitative risk assessment and for attack and vulnerability modeling. In this paper, we propose the framework and its components and describe the work needed to implement them.
Keywords :
risk management; software metrics; software reliability; automatable metric-based approach; host vulnerability measurement; quantitative risk assessment; software feature misuse; software flaw; software misconfiguration; vulnerability modeling; Automatic generation control; Best practices; Character generation; Current measurement; Data security; Information technology; NIST; National security; Risk analysis; Risk management;
Conference_Titel :
Information Technology, 2008. IT 2008. 1st International Conference on
Conference_Location :
Gdansk
Print_ISBN :
978-1-4244-2244-9
Electronic_ISBN :
978-1-4244-2245-6
DOI :
10.1109/INFTECH.2008.4621610
