Quantitative Security Evaluation for Software System from Vulnerability Database

Quantitative Security Evaluation for Software System from Vulnerability Database

下载PDF

导出

摘要 This paper proposes a quantitative security evaluation for software system from the vulnerability data consisting of discovery date, solution date and exploit publish date based on a stochastic model. More precisely, our model considers a vulnerability life-cycle model and represents the vulnerability discovery process as a non-homogeneous Poisson process. In a numerical example, we show the quantitative measures for contents management system of an open source project. This paper proposes a quantitative security evaluation for software system from the vulnerability data consisting of discovery date, solution date and exploit publish date based on a stochastic model. More precisely, our model considers a vulnerability life-cycle model and represents the vulnerability discovery process as a non-homogeneous Poisson process. In a numerical example, we show the quantitative measures for contents management system of an open source project.

作者 Hiroyuki Okamura Masataka Tokuzane Tadashi Dohi

机构地区 Department of Information Engineering Japan Ground Self-Defense Force

出处《Journal of Software Engineering and Applications》 2013年第4期15-23,共9页 软件工程与应用（英文）

关键词 QUANTITATIVE Security Evaluation VULNERABILITY DATABASE NON-HOMOGENEOUS POISSON Process CONTENTS Management System Quantitative Security Evaluation Vulnerability Database Non-Homogeneous Poisson Process Contents Management System

分类号 TP39 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

1Guiling Liao,Yong Qin,Xiaoqing Cheng,Lisha Pan,Lin He,Shan Yu,Yuan Zhang.Study on the Real-Time Security Evaluation for the Train Service Status Using Safety Region Estimation[J].Journal of Intelligent Learning Systems and Applications,2013,5(4):221-226.
2Sasith M. Rajasooriya,Chris. P. Tsokos,Pubudu Kalpani Kaluarachchi.Cyber Security: Nonlinear Stochastic Models for Predicting the Exploitability[J].Journal of Information Security,2017,8(2):125-140. 被引量：1
3Ali J. Harriman,Alper Marshall.A Summary of Research on computer Network attack and Defense Modeling and Simulation[J].Computer System Networking and Telecommunications,2018,1(2):26-33.
4Claudio F.Mahler,Erika Varanda,Luiz C.D.de Oliveira.Analytical Model of Landslide Risk Using GIS[J].Open Journal of Geology,2012,2(3):182-188.
5Corey Wallis,Alison Hutton,Steve Brown,Romana Challans,Paul Gardner-Stephen.Distributed Sensor Logging: As Easy as a Mesh of Yoyos[J].International Journal of Communications, Network and System Sciences,2013,6(6):309-315.
6Yoshinobu Tamura,Hidemitsu Takehara,Shigeru Yamada.Component-Oriented Reliability Analysis Based on Hierarchical Bayesian Model for an Open Source Software[J].American Journal of Operations Research,2011,1(2):25-32.

Journal of Software Engineering and Applications

2013年第4期

浏览历史

内容加载中请稍等...

Quantitative Security Evaluation for Software System from Vulnerability Database

相关作者

相关机构

相关主题

浏览历史