TY - JOUR
T1 - Measuring vulnerabilities and their exploitation cycle
AU - Morakis, Evangelos
AU - Vidalis, Stilianos
AU - Blyth, Andrew
PY - 2003/4/1
Y1 - 2003/4/1
N2 - In a world ruled by chaotic causality, Heisenberg's uncertainty principle is only a natural limitation. Analysts only have their personal logic, experience and intuition to depend on in order to make judgments regarding the safety of a system. However, today's analysts are getting bombarded with large amounts of data coming from all kinds of security-related products, such as vulnerability scanners, anti-viruses, firewalls etc, causing information overload and data congestion. Thus, the question remains: How can analysts make a correct judgment regarding the vulnerabilities from which a system is suffering, especially when all the ammunition he/she possesses can not deal with such a complex, ever-changing environment? To this end, we believe that structuring knowledge/information regarding a specific domain in an object-oriented hierarchy tree, and providing a formal model to reason and construct possible scenarios of attacks, will provide an analyst with the necessary ammunition.
AB - In a world ruled by chaotic causality, Heisenberg's uncertainty principle is only a natural limitation. Analysts only have their personal logic, experience and intuition to depend on in order to make judgments regarding the safety of a system. However, today's analysts are getting bombarded with large amounts of data coming from all kinds of security-related products, such as vulnerability scanners, anti-viruses, firewalls etc, causing information overload and data congestion. Thus, the question remains: How can analysts make a correct judgment regarding the vulnerabilities from which a system is suffering, especially when all the ammunition he/she possesses can not deal with such a complex, ever-changing environment? To this end, we believe that structuring knowledge/information regarding a specific domain in an object-oriented hierarchy tree, and providing a formal model to reason and construct possible scenarios of attacks, will provide an analyst with the necessary ammunition.
UR - http://www.scopus.com/inward/record.url?scp=1942473630&partnerID=8YFLogxK
U2 - 10.1016/S1363-4127(03)00006-2
DO - 10.1016/S1363-4127(03)00006-2
M3 - Article
AN - SCOPUS:1942473630
SN - 1363-4127
VL - 8
SP - 45
EP - 55
JO - Information Security Technical Report
JF - Information Security Technical Report
IS - 4
ER -