Measuring vulnerabilities and their exploitation cycle

Information Security Technical Report

Volumn 8, Issue 4, 2003, Pages 45-55

  Morakis, Evangelos ^a   Vidalis, Stylianos ^a   Blyth, Andrew ^a  

^a UNIVERSITY OF GLAMORGAN   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SYSTEM FIREWALLS; COMPUTER VIRUSES; CYBERNETICS; HIERARCHICAL SYSTEMS; INFORMATION TECHNOLOGY; PROBLEM SOLVING; SECURITY OF DATA;

ANTI-VIRUSES; DATA CONGESTION; VULNERABILITY SCANNERS;

COMPUTER SYSTEMS;

EID: 1942473630     PISSN: 13634127     EISSN: None     Source Type: Journal    
DOI: 10.1016/S1363-4127(03)00006-2     Document Type: Article

References (35)

1. Ammann P., Wijesekera D., et al. Scalable, Graph-Based Network Vulnerability Analysis. Computer & Communication Security. 18:(22):2002;217-224.
2. Barber R. Hacking Techniques. Computer Fraud & Security 2001. 2001:(3):2001;9-12.
3. Bennett S., McRobb S., Farmer R. Object-oriented Systems Analysis and Design Using UML. 1999;61-72 McGraw-Hill, England.
4. Bequai A. Organised Crime Goes Cyber. Computers & Security. 20:(6):2001;475-478.
5. Blyth A.J.C., Kovacich L. Information Assurance: Computer Communications & Networks. 2001;Springer-Verlag.
6. Carroll J.M. Computer Security. 1996;Butterworth-Heinemann.
7. Coad P. and Yourdon E. (1991). Object-Oriented Analysis, Prenticd Hall
8. COPS (2002)Computer Oracle & Password System. 2002. ftp.cert.org/pub/tools/cops.
9. Embley W.D., Kurtz B.D., Woodfield S.N. Object-Oriented Systems Analysis: A Model-Driven Approach. 1992;1-52 Prentice-Hall, New Jersey, USA.
10. Forte D. Information Security Assessment: Procedures & Methodology. Computer Fraud & Security. 2000:(8):2000;9-12.
11. Godsil C., Royle G. Algebraic Graph Theory. 2001;Springer-Verlag, New York, USA.
12. Hinda S. (2001). Cyberthreats: Perceptions, Reality and Protection, Computers & Security 20(5):364-371
13. Hoath P., Mulhall T. Hacking: motivation & deterence, part 1. Computer Fraud & Security. 1998:(4):1998;16-19.
14. Icove D., Seger K. et al (1995). Computer Crime: a crime fighters handbook, O'Reilly & Associates.
15. Kabay M.E. Enterprise Security: Protecting Information Assets. 1996;McGraw-Hill.
16. Keeney R.L. and Raiffa H. (1993). Decisions with Multiple Objectives, Press Syndicate of the University of Cambridge.
17. Storey N. (1996) Safety Critical Computer Systems, Addison-Wesley.
18. Leveson N.G. (1995) Sageware: system safety & computers, Addison-wesley.
19. Manasse M. The Millicent Protocols for Electronic Commerce. 1995;1st USENIX workshop on Electronic Commerce.
20. Merris R. Graph Theory. 31:2001;171-175 John Wiley & Sons, USA.
21. Moore A.P., Ellison R.J., et al. Attack Modeling for Information Security and Survivability. 2001;1-21 Carnegie Mellon University.
22. Morakis E., Vidalis S., Blyth A.J.C. A framework for representing and analysing cyber attacks using object oriented hierarchy trees. Proceedings of the Second European Conference in Information Warfare, UK. 2003;235-246.
23. Nuemann P.G. Computer Related Risks. 1995;Addison-Wesley.
24. O'Mahony D., Peirce M., et al. Electronic Payment Systems. 1997;Artech House.
25. Pfleeger C.P. Security in Computing. 1997;Prentice Hall Int.
26. Rees F. New perspective on computer hackers. Computer Fraud & Security. 1996:(6):1996;8.
27. Scambray J., McClure S., et al. Hacking Exposed: network security secrets & solutions. 2001;Osborn/McGraw Hill.
28. Smith M. Commonsense Computer Security: your practical guide_to information protection. 1993;McGraw-Hill.
29. Stalling W. Network Security Essentials. 2000;Prentice Hall.
30. Summers R.C. Secure Computing: threats & safeguards. 1977;McGraw-Hill.
31. Sykes J.B. The Concise Oxford Dictionary. 1981;Clarendon Press.
32. SystemScanner (2002). Internet Security System: System Scanner, 2002. www.iss.net.
33. Vidalis S. TAMMPS: a threat assessment model for micro-payment systems. 2001;1-152 School of Computing, Pontypridd, University of Glmaorgan.
34. Vidalis S., Jones A. Using Vulnerability Trees for Decision Making in Threat Assessment. Proceedings of the Second European Conference in Information Warfare, UK. 2003;329-338.
35. W3C (1999). Common Markup for micropayment per-fee-links, MIT, INRIA, Keio: 1-33. www.w3.org/TR/1999/WD-Micropayment-Markup-19990825/.