Computer Vulnerability Evaluation Using Fault Tree Analysis
For analyzing computer system security, the system visitor could be classified into five kinds by his privilege to access system resource, and presented the model base on privilege escalation. The attacker can enhance his privilege by exploiting vulnerability, according to distribution of vulnerabilities privilege set, we could construct fault tree to reflect distinctly potential attack path, and so this method could quantificational express security state at different security policy via analyzing fault tree.
KeywordsSecurity Policy Computer Security Fault Tree Access Control Policy Security Evaluation
Unable to display preview. Download preview PDF.
- 1.CERT/CC.: CERT/CC Statistics (1988-2003), Available online at http://www.cert.org/stats/cert_stats.html#vulnerabilities
- 3.NMAP (2004), http://www.insecure.org/nmap/index.html
- 4.Arkin, O.: ICMP Usage in Scanning, Version 3.0 (June 2003)Google Scholar
- 5.ISS (2004), http://www.iss.com/
- 7.Ramakrishnan, C., Sekar, R.: Model-based analysis of configuration vulnerabilities. Journal of Computer Security 10(1-2), 189–209 (2002)Google Scholar
- 8.Yuan, W., Fan, J., Guo-liang, C.: A Network Security Analysis Method Research and Application Based on Graph Theory. Mini-Micro Systems 24(10), 1865–1869 (2003)Google Scholar
- 9.Longstaff, T.: Update: Cert/cc vulnerability knowledgebase. In: Technical presentation at a DARPA workshop in Savannah, Georgia (February 1997)Google Scholar
- 10.Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S.: Towards Operational Measures of Computer Security. Journal of Computer Security 2(2/3), 211–229 (1993)Google Scholar
- 11.Xu-jia, X., Chuang, L., Yi-xin, J.: A Survey of Computer Vulnerability Assessment. Chinese Journal of Computers 27, 1–11 (2004)Google Scholar
- 12.Li-dong, W.: Quantitative Security Risk Assessment Method for Computer System and Network. Ph.D.thesis, Harbin Institute of Technology, 3 (2002)Google Scholar
- 13.Yong-zheng, Z., Xiao-chun, Y.: A New Vulnerbality Taxomomy Based on Privilege Escalation. In: 2004 Sixth Internatioan Conference on Enterprise Information Systems Proceedings. Porto: INSTICC (2004)Google Scholar