Windows of vulnerability: a case study analysis
Arbaugh, W.A.
Fithen, W.L.
McHugh, J.
Dept. of Comput. Sci., Maryland Univ., College Park, MD, USA;
This paper appears in: Computer
Publication Date: Dec 2000
Volume: 33,
Issue: 12
On page(s): 52- 59
ISSN: 0018-9162
INSPEC Accession Number: 6790374
Digital Object Identifier: 10.1109/2.889093
Current Version Published: 2002-08-06
Abstract
The authors propose a life cycle model for system vulnerabilities, then apply it to three case studies to reveal how systems often remain vulnerable long after security fixes are available. For each case, we provide background information about the vulnerability, such as how attackers exploited it and which systems were affected. We then tie the case to the life-cycle model by identifying the dates for each state within the model. Finally, we use a histogram of reported intrusions to show the life of the vulnerability, and we conclude with an analysis specific to the particular vulnerability.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
