A Practical Formalism for Vulnerability Comparison
Authors
Abstract
In our efforts to create a vulnerability classification scheme, we encountered a significant obstacle: ambiguous or conflicting notions of security, policy, vulnerabilities, and exploits. This paper defines a framework that explicitly and formally defines these and related notions to facilitate vulnerability analysis. We focus our work on the concept of runtime vulnerabilities, exploits, and policy violations. We then provide an abstraction of these concepts to allow for quantitative comparison of vulnerabilities across systems. Finally, we discuss how this framework allows for practical evaluation of secure systems at a formal level.
Similar resources
Comparison the treatment time of cobalt and iridium sources in HDR brachytherapy
Introduction: The use of long-half-life Cobalt source instead of iridium source will be very helpful in HDR brachytherapy for treatment of cervical cancer. The aim of this study was to compare the treatment time with cobalt and iridium source in brachytherapy for treatment of cervical cancer using Tandem-ovoid applicator. Materials and Methods: In this study, 19...
Structural Comparison of Executable Objects
A method to heuristically construct an isomorphism between the sets of functions in two similar but differing versions of the same executable file is presented. Such an isomorphism has multiple practical applications, specifically the ability to detect programmatic changes between the two executable versions. Moreover, information (function names) which is available for one of the two versions ...
Empirical Seismic Vulnerability and Damage of Bottom Frame Seismic Wall Masonry Structure: A Case Study in Dujiangyan (China) Region
In order to understand the seismic performance and mechanism of bottom frame seismic wall masonry structure (BFSWMS) and its vulnerability in empirical seismic damage, based on the statistical and numerical analysis of the field seismic damage observation data of 2178 Dujiangyan structures in the Wenchuan great earthquake urban of China on May 12, 2008, a non-linear function model between the s...
A Comparison of Market Approaches to Software Vulnerability Disclosure
Practical computer (in)security is largely driven by the existence of and knowledge about vulnerabilities, which can be exploited to breach security mechanisms. Although the discussion on details of responsible vulnerability disclosure is controversial, there is a sort of consensus that better information sharing is socially beneficial. In the recent years we observe the emerging of “vulnerabil...
A Policy-Based Vulnerability Analysis Framework
Repeatability is essential to any science—computer science is no exception. However, the area of vulnerability analysis suffers from ambiguous definitions that hinder the repeatability of analysis results. Many researchers have turned to policy-based definitions of a vulnerability in an attempt to alleviate this ambiguity. However, it is rare that security policies are explicitly and precisely ...