Mike Brown, S. Pollock, Wafa Elmannai, Michael Joseph, K. Elleithy
Vulnerability Analysis and Modeling
2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), published 2019-10-01
DOI: https://doi.org/10.1109/UEMCON47517.2019.8993028
One of the significant risks of computer systems is the lack of security, whether that is attributed to system vulnerabilities or to overly sophisticated intrusion techniques. A software security vulnerability is detrimental to the user as well as the system because of its inability to protect confidentiality within the system. Analysis from a national database displays how software vulnerabilities are categorized and how much of an impact they have on computer systems. To help prevent attacks, we propose that the focus be more on producing vulnerability-free software, rather than on issuing patches. The contribution of this paper is to show the need to include all three methods (prevention, detection and accommodation) to mitigate vulnerabilities. This requires the adoption of formal methods in software development, end-user education and vulnerability modeling using the Kill Chain Technique.