By Topic

Identifying Potentially-Impacted Area by Vulnerabilities in Networked Systems Using CVSS

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Harada, T. ; Grad. Sch. of Syst. Inf. Eng. Dept., Univ. of Tsukuba, Tsukuba, Japan ; Kanaoka, A. ; Okamoto, E. ; Kato, M.

CVSS (Common Vulnerability Scoring System) is a framework scoring IT vulnerabilities. CVSS is composed of three metric groups: Base, Temporal, and Environmental. Although, the environmental score which gives risk of vulnerabilities in network environment of each user should be used for prioritizing actions, only base score is currently used. One of the reason for unused of environmental score is hard to score uniquely, because the criterion for determining ”Target Distribution (TD),” which is a parameter indicating impacted proportion, is vague. We propose a method for identifying the potentially-impacted area enabling TD measurement in networked systems in terms of three security objectives: confidentiality, integrity and availability. We also apply the method to some model cases of networked systems, and assess their TD. The results correspond to a popular wisdom that trilayer structure is more secure.

Published in:

Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on

Date of Conference:

19-23 July 2010