
Dependence-Induced Risk: Security Metrics and Their Measurement Framework (Cited by: 2)

Abstract: Despite the tremendous effort made by industry and academia, we are still searching for metrics that can characterize Cyberspace and system security risks. In this paper, we study the class of security risks that are inherent to the dependence structure in software with vulnerabilities and exhibit a "cascading" effect. We present a measurement framework for evaluating these metrics, and report a preliminary case study on evaluating the dependence-induced security risks in the Apache HTTP Server. The experiment results show that our framework can not only clearly analyze the root cause of the security risks but also quantitatively evaluate the attack consequence of the risks.
Source: China Communications (English edition), SCIE, CSCD, 2016, Issue 11, pp. 119-128 (10 pages)
Funding: supported by Natural Science Foundation of China under award No. 61303024; Natural Science Foundation of Jiangsu Province under award No. BK20130372; National 973 Program of China under award No. 2014CB340600; National High Tech 863 Program of China under award No. 2015AA016002; supported by Natural Science Foundation of China under award No. 61272452; supported in part by ARO Grant #W911NF-12-1-0286 and NSF Grant #1111925
Keywords: Cyberspace security; security metrics; exploitability surface; attack consequence; risk assessment; security risk evaluation; security measurement; framework; induced; HTTP server; Apache; quantitative evaluation; cyberspace