Computer Vulnerability Evaluation Using Fault Tree Analysis

  • Tao Zhang
  • Mingzeng Hu
  • Xiaochun Yun
  • Yongzheng Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3439)


For analyzing computer system security, the system visitor could be classified into five kinds by his privilege to access system resource, and presented the model base on privilege escalation. The attacker can enhance his privilege by exploiting vulnerability, according to distribution of vulnerabilities privilege set, we could construct fault tree to reflect distinctly potential attack path, and so this method could quantificational express security state at different security policy via analyzing fault tree.


Security Policy Computer Security Fault Tree Access Control Policy Security Evaluation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    CERT/CC.: CERT/CC Statistics (1988-2003), Available online at
  2. 2.
    de Vivo, M., Carrasco, E.: A review of port scanning techniques. ACM SIGCOMM Computer Communication Review 29(2), 41–48 (1999)CrossRefGoogle Scholar
  3. 3.
  4. 4.
    Arkin, O.: ICMP Usage in Scanning, Version 3.0 (June 2003)Google Scholar
  5. 5.
    ISS (2004),
  6. 6.
    Ortalo, R., Deswarte, Y.: Affiliate: Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security. IEEE Transactions on Software Engineering 25(5), 633–650 (1999)CrossRefGoogle Scholar
  7. 7.
    Ramakrishnan, C., Sekar, R.: Model-based analysis of configuration vulnerabilities. Journal of Computer Security 10(1-2), 189–209 (2002)Google Scholar
  8. 8.
    Yuan, W., Fan, J., Guo-liang, C.: A Network Security Analysis Method Research and Application Based on Graph Theory. Mini-Micro Systems 24(10), 1865–1869 (2003)Google Scholar
  9. 9.
    Longstaff, T.: Update: Cert/cc vulnerability knowledgebase. In: Technical presentation at a DARPA workshop in Savannah, Georgia (February 1997)Google Scholar
  10. 10.
    Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S.: Towards Operational Measures of Computer Security. Journal of Computer Security 2(2/3), 211–229 (1993)Google Scholar
  11. 11.
    Xu-jia, X., Chuang, L., Yi-xin, J.: A Survey of Computer Vulnerability Assessment. Chinese Journal of Computers 27, 1–11 (2004)Google Scholar
  12. 12.
    Li-dong, W.: Quantitative Security Risk Assessment Method for Computer System and Network. Ph.D.thesis, Harbin Institute of Technology, 3 (2002)Google Scholar
  13. 13.
    Yong-zheng, Z., Xiao-chun, Y.: A New Vulnerbality Taxomomy Based on Privilege Escalation. In: 2004 Sixth Internatioan Conference on Enterprise Information Systems Proceedings. Porto: INSTICC (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Tao Zhang
    • 1
  • Mingzeng Hu
    • 1
  • Xiaochun Yun
    • 1
  • Yongzheng Zhang
    • 1
  1. 1.Computer Network and Information Security Technique Research CenterHarbin Institute of TechnologyHarbinChina

Personalised recommendations