nach oben

Journal of Computer Virology and Hacking Techniques

Erschienen in:

01.05.2014 | Original Paper

Modeling discovery and removal of security vulnerabilities in software system using priority queueing models

verfasst von: Dae-Eun Lim, Tae-Sung Kim

Erschienen in: Journal of Computer Virology and Hacking Techniques | Ausgabe 2/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This paper aims to model the discovery and removal of software vulnerabilities based on queueing theory. The probabilistic characteristics of the arrival and service processes are the core elements of queueing theory. Discovering and removing software vulnerabilities corresponds arrival and service processes in queueing models, respectively. Vulnerabilities can be classified into groups depending upon its severity levels measured by CVSS (common vulnerability scoring system). Groups with higher severity levels are fixed more quickly than groups with lower severity levels. Priority queueing models can be used and give various performance indices: the number of unfixed vulnerabilities at arbitrary instances and waiting time before getting fixed. Moreover, the service rate to prevent the number or accumulated degree of vulnerabilities from exceeding the predetermined level can be estimated.

Vorheriger Artikel Implementation of a web-based smart electronic needle system

Nächster Artikel Adjusting context-aware RFID in health screening center

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Joh, H.: Quantitative analyses of software vulnerabilities, Ph.D. Dissertation, Department of Computer Science, Colorado State University (2011)

Krsul, I.V.: Software vulnerability analysis, Ph.D. Dissertation, Department of Computer Science, Purdue University (1998)

Ozment, A.: Improving vulnerability discovery models. In QoP ’07: Proceedings of the 2007 ACM Workshop on Quality of Protection, pp. 6–11. ACM, New York, USA (2007)

Pfleeger, C.P., Pfleeger, S.L.: Security in computing, 3rd edn. Prentice Hall PTR, Upper Saddle River (2003)

Vatamanu, C., Gavrilut, D., Benchea, R.: A practical approach on clustering malicious PDF documents. J. Compt. Virol. 8, 151–163 (2012)CrossRef

Goichon, F., Salagnac, G., Parrend, P., Frénot, S.: Static vulnerability detection in Java service-oriented components. J. Compt. Virol. 9, 15–26 (2012)CrossRef

MITRE Corporation. Common Vulnerabilities and Exposures (CVE), http://cve.mitre.org/

FIRST. CVSS Guide, http://www.first.org/cvss/cvss-guide/. Accessed 15 November 2013

FIRST. CVSS History, http://www.first.org/cvss/history/. Acce ssed 15 November 2013

10.

Woo, S.W., Joh, H.C., Alhazmi, O.H., Malaiya, Y.K.: Modeling vulnerability discovery process in Apache and IIS HTTP servers. Comput. Secur. 30, 50–62 (2011)CrossRef

11.

Ozment, A.: Vulnerability discovery and software Security, Ph.D. Dissertation, Computer Laboratory Computer Security Group & Magdalene College, University of Cambridge (2007)

12.

AIAA/ANSI: Recommended practice software reliability, R-013-1992, American Institute of Aeronautics and Astronautics (AIAA) (1993)

13.

Alhazmi, O.H., Malaiya, Y.K.: Modeling the vulnerability discovery process. In: Proceedings of the 16th IEEE International Symposium on Software, Reliability Engineering, pp. 129–138 (2005)

14.

Anderson, R.J.: Security in open versus closed systems—the dance of Boltzmann, Coase and Moore. In: Proceedings of the Conference on Open Source Software, Economics, pp. 1–15 (2002)

15.

Rescola, E.: Is finding security holes a good idea? Secur. Priv. IEEE 3(1), 1–19 (2005)CrossRef

16.

Musa, J.D., Okumoto K.: A logarithmic Poisson execution time model for software reliability measurement. In: Proceedings of 7th International Conference on Software Engineering, pp. 230–238 (1984)

17.

Alhazmi, O.H., Malaiya, Y.K.: Quantitative vulnerability assessment of systems software, In RAMS’05: Proceedings of the IEEE Reliability and Maintainability Symposium, pp. 615–620 (2005)

18.

DB-Engines. DB-Engines Ranking, http://db-engines.com/. Accessed 15 November 2013

19.

National Institute of Standards and Technology, National Vulnerability Database (NVD), http://nvd.nist.gov/. Accessed 15 November 2013

20.

Huang, C.-Y., Huang, W.-C.: Software reliability analysis and measurement using finite and infinite server queueing models. IEEE Trans. Rel. 57(1), 192–203 (2008)CrossRef

21.

Takagi, H.: Queueing analysis, Volume 1: Vacation and Priority Systems, Part 1, North-Holland, Amsterdam (1991)

22.

Little, J.D.C.: A proof for the queueing formula: \(L = \lambda W\). Oper. Res. 9(3), 383–387 (1961)CrossRefMATHMathSciNet

Titel: Modeling discovery and removal of security vulnerabilities in software system using priority queueing models
verfasst von: Dae-Eun Lim
Tae-Sung Kim
Publikationsdatum: 01.05.2014
Verlag: Springer Paris
Erschienen in: Journal of Computer Virology and Hacking Techniques / Ausgabe 2/2014
Elektronische ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-014-0205-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2014

A loop splitting method for single loops with non-uniform dependences

An indoor location tracking based on mobile RFID for smart exhibition service

Heuristic estimation of network capacity and spectrum requirement

Implementation of a web-based smart electronic needle system

A study on the factors that affect the adoption of Smart Water Grid

Recent trends in Mobile Communication Systems