Image Database Export Citations


Highlighting Vulnerabilities via Context-Aware Framework

Show full item record

Type: Working Paper
Author: Chang, Eric
Date: 2017
Agency: Yale University
Series: Working Paper
URI: https://hdl.handle.net/10535/10260
Sector: Information & Knowledge
Region: North America
Subject(s): models
Abstract: It is known to be full of challenges to score vulnerabilities based on various security requirements in cloud services. Although there have been several systems for scoring vulnerabilities (e.g., CVSS), most of them are unable to be leveraged to score vulnerabilities in cloud services, because they fail to consider some important factors located in cloud such as business context (i.e., dependency relationships between services) and threat levels of the same vulnerability on various security requirements. This paper aims to propose a novel framework to qualify and rank the vulnerabilities based on their threat degrees in cloud service. Through inputting or constructing service dependency graph, our framework is able to generate the importance degree of each service and the ranking list of all the vulnerabilities in cloud service. Moreover, our framework can be adopted not only into various cloud infrastructures, but also different categories of algorithms according to concrete requirements. To evaluate our framework, we adopt AssetRank algorithm into the framework, and present the whole design of our work. Comprehensive experiments prove the effectiveness of our framework on qualifying and ranking vulnerabilities in cloud service.

Files in this item

Files Size Format View xmlui.dri2xhtml.METS-1.0.item-files-description
llncs.pdf 373.9Kb PDF View/Open Main article

This item appears in the following document type(s)

Show full item record