{"title":"Quantifying the Impact of Vulnerabilities of the Components of an Information System towards the Composite Rise Exposure","authors":"Yanzhen Qu, Adam English, Brace Hannon","doi":"10.1109/CSCI54926.2021.00193","DOIUrl":null,"url":null,"PeriodicalId":206881,"journal":{"name":"2021 International Conference on Computational Science and Computational Intelligence (CSCI)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Computational Science and Computational Intelligence (CSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCI54926.2021.00193","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Quantifying the Impact of Vulnerabilities of the Components of an Information System towards the Composite Rise Exposure
To compensate for the lack of any concrete scoring formula in CVSS v3 for the "Environment" category, we present a novel formula for objectively quantifying composite vulnerability exposures for non-terminal components of an information system. The paper examines limitations of the CVSS v3 calculator definition, notably in its capacity to characterize vulnerabilities from a composite perspective, and provides a means to output a composite CVSS-compliant vulnerability score for aggregated system components. We provide definitions for related concepts, formulas for determining component vulnerability, and a formula for calculating composite vulnerability. The common implementation of a Linux, Apache, MySQL, PHP (LAMP) stack provides a practical demonstration of the foundational formulas.