A formal methodology for detection of vulnerabilities in an enterprise information system

3 Author(s)
Anirban Sengupta ; Centre for Distributed Computing, Jadavpur University, Kolkata, India ; Chandan Mazumdar ; Aditya Bagchi

From an information security point of view, an enterprise is considered as a collection of assets and their interrelations. These interrelations may be built into the enterprise information infrastructure, as in the case of the connection of hardware elements in a network architecture, or the installation of software or information assets on hardware. As a result, access to one element may enable access to another if they are connected. An enterprise may specify conditions on the access of certain assets in a certain mode (read, write, etc.) as policies. The interconnection of assets, along with the specified policies, may lead to managerial vulnerabilities in the enterprise information system. These vulnerabilities, if exploited by threats, may cause disruption to the normal functioning of information systems. This paper presents a formal method for detection of managerial vulnerabilities of enterprise information systems in linear time.
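The idea in the abstract, that connected assets can make a policy-forbidden access possible, can be sketched as a graph reachability check. This is an added illustration, not the paper's formal method: the asset names, the `ENABLES`/`GRANTS`/`DENIES` structures and the function names are all assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Constructed sample data (not from the paper). An edge A -> B means
# "access to A may enable access to B" because the assets are connected.
ENABLES = {
    "workstation": ["file_server"],
    "file_server": ["hr_database", "backup_share"],
    "web_server": ["app_server"],
}
# Direct access each subject holds, per mode.
GRANTS = {("contractor", "read"): ["workstation"],
          ("auditor", "read"): ["web_server"]}
# Policy: (subject, asset, mode) combinations that must never be possible.
DENIES = {("contractor", "hr_database", "read"),
          ("auditor", "hr_database", "read")}

def reach(enables, start_assets):
    """BFS from the granted assets; returns {asset: predecessor}. O(V + E)."""
    parent = {a: None for a in start_assets}
    queue = deque(start_assets)
    while queue:
        asset = queue.popleft()
        for nxt in enables.get(asset, ()):
            if nxt not in parent:
                parent[nxt] = asset
                queue.append(nxt)
    return parent

def find_policy_conflicts(enables, grants, denies):
    """Return (subject, mode, denied_asset, path) for every deny policy that
    the interconnections defeat."""
    denied = defaultdict(set)
    for subject, asset, mode in denies:
        denied[(subject, mode)].add(asset)
    findings = []
    for key in sorted(grants):
        parent = reach(enables, grants[key])
        for asset in sorted(denied[key] & parent.keys()):
            path, node = [], asset
            while node is not None:
                path.append(node)
                node = parent[node]
            findings.append((*key, asset, path[::-1]))
    return findings

if __name__ == "__main__":
    for finding in find_policy_conflicts(ENABLES, GRANTS, DENIES):
        print(finding)
```

Each finding carries the chain of connected assets that defeats the policy, which is what an administrator needs in order to decide whether to cut a connection or tighten a grant.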

Published in:

Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on

Date of Conference:

19-22 Oct. 2009