漏洞分析与建模

2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON) Pub Date : 2019-10-01 DOI:10.1109/UEMCON47517.2019.8993028

Mike Brown, S. Pollock, Wafa Elmannai, Michael Joseph, K. Elleithy

{"title":"漏洞分析与建模","authors":"Mike Brown, S. Pollock, Wafa Elmannai, Michael Joseph, K. Elleithy","doi":"10.1109/UEMCON47517.2019.8993028","DOIUrl":null,"url":null,"abstract":"One of the significant risks of computer systems is the lack of security whether that is attributed to the system vulnerabilities or too sophisticated intrusion techniques. The software security vulnerability is detrimental to the user as well as the system because of its inability to protect confidentiality within the system. Analysis from a national database displays how software vulnerabilities are categorized and how much of an impact they play amongst computer systems. To help preventing attacks, we propose that the focus be more on producing vulnerability free software, rather than focusing on issuing patches. The contribution of this paper is to show the need to include all three methods: prevention, detection and accommodation, to mitigate vulnerabilities. This requires the adoption of formal methods in software development, end user education and vulnerability modeling using the Kill Chain Technique.","PeriodicalId":187022,"journal":{"name":"2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)","volume":"284 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Vulnerability Analysis and Modeling\",\"authors\":\"Mike Brown, S. Pollock, Wafa Elmannai, Michael Joseph, K. Elleithy\",\"doi\":\"10.1109/UEMCON47517.2019.8993028\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"One of the significant risks of computer systems is the lack of security whether that is attributed to the system vulnerabilities or too sophisticated intrusion techniques. The software security vulnerability is detrimental to the user as well as the system because of its inability to protect confidentiality within the system. Analysis from a national database displays how software vulnerabilities are categorized and how much of an impact they play amongst computer systems. To help preventing attacks, we propose that the focus be more on producing vulnerability free software, rather than focusing on issuing patches. The contribution of this paper is to show the need to include all three methods: prevention, detection and accommodation, to mitigate vulnerabilities. This requires the adoption of formal methods in software development, end user education and vulnerability modeling using the Kill Chain Technique.\",\"PeriodicalId\":187022,\"journal\":{\"name\":\"2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)\",\"volume\":\"284 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/UEMCON47517.2019.8993028\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/UEMCON47517.2019.8993028","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

计算机系统的一个重大风险是缺乏安全性，无论是由于系统漏洞还是由于过于复杂的入侵技术。软件安全漏洞由于无法保护系统内部的机密性，对用户和系统都是有害的。来自国家数据库的分析显示了软件漏洞是如何分类的，以及它们对计算机系统的影响有多大。为了帮助防止攻击，我们建议将重点更多地放在生产无漏洞软件上，而不是集中在发布补丁上。本文的贡献在于表明需要包括所有三种方法:预防、检测和适应，以减轻脆弱性。这需要在软件开发中采用正式的方法，对最终用户进行教育，并使用杀伤链技术对漏洞进行建模。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Vulnerability Analysis and Modeling

One of the significant risks of computer systems is the lack of security whether that is attributed to the system vulnerabilities or too sophisticated intrusion techniques. The software security vulnerability is detrimental to the user as well as the system because of its inability to protect confidentiality within the system. Analysis from a national database displays how software vulnerabilities are categorized and how much of an impact they play amongst computer systems. To help preventing attacks, we propose that the focus be more on producing vulnerability free software, rather than focusing on issuing patches. The contribution of this paper is to show the need to include all three methods: prevention, detection and accommodation, to mitigate vulnerabilities. This requires the adoption of formal methods in software development, end user education and vulnerability modeling using the Kill Chain Technique.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)

自引率

0.00%

发文量