Title :
Automated Risk Assessment for Sources and Targets of Vulnerability Exploitation
Author :
Rasheed, Hassan ; Chow, Randy Y C
Author_Institution :
Dept. of Comput. & Inf. Sci. & Eng., Univ. of Florida, Gainesville, FL, USA
fDate :
March 31 2009-April 2 2009
Abstract :
We extend existing work on security metrics by proposing a method to monitor the state of system entities in real-time. The primary focus is assessing the risk to and from access control request sources and targets. This process is critical in building effective dynamic access control methods that utilize assessment data for policy enforcement. Information on vulnerability exploitation attempts is used to derive risk assessments for entities in the system. To validate the approach, we demonstrate the use of our assessment method on analyzing the sources and targets in a widely used intrusion detection data set.
Keywords :
authorisation; risk management; automated risk assessment; dynamic access control method; intrusion detection; security metrics; system vulnerability exploitation; Access control; Computer science; Computer security; Computerized monitoring; Data security; Humans; Information science; Information security; Intrusion detection; Risk management; Risk Metrics; Vulnerability Assessment;
Conference_Titel :
Computer Science and Information Engineering, 2009 WRI World Congress on
Conference_Location :
Los Angeles, CA
Print_ISBN :
978-0-7695-3507-4
DOI :
10.1109/CSIE.2009.947
