Published: October 11, 2012
Author(s)
Pengsu Cheng (Concordia University), Lingyu Wang (Concordia University), Sushil Jajodia (GMU), Anoop Singhal (NIST)
Conference
Name: 2012 IEEE 31st Symposium on Reliable Distributed Systems (SRDS)
Dates: 10/08/2012 - 10/11/2012
Location: Irvine, California, United States
Citation: Proceedings of the 2012 31st International Symposium on Reliable Distributed Systems (SRDS 2012), pp. 31-40
A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing approaches to aggregating CVSS scores usually cause useful semantics of individual scores to be lost in the aggregated result. In this apper, we address this issue through two novel approaches. First, instead of taking each base score as an input, our approach drills down to the underlying base metric level where dependency relationships have well-defined semantics. Second, our approach interprets and aggregates the base metrics from three different aspects in order to preserve corresponding semantics of the individual scores. Finally, we confirm the advantages of our approaches through simulation.
A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing approaches to aggregating CVSS scores usually cause...
See full abstract
A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing approaches to aggregating CVSS scores usually cause useful semantics of individual scores to be lost in the aggregated result. In this apper, we address this issue through two novel approaches. First, instead of taking each base score as an input, our approach drills down to the underlying base metric level where dependency relationships have well-defined semantics. Second, our approach interprets and aggregates the base metrics from three different aspects in order to preserve corresponding semantics of the individual scores. Finally, we confirm the advantages of our approaches through simulation.
Hide full abstract
Keywords
CVSS; security metrics; security risk; threats
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
