Quantitative vulnerability assessment of systems software

Proceedings - Annual Reliability and Maintainability Symposium

Volumn , Issue , 2005, Pages 615-620

  Alhazmi, Omar H ^a,b   Malaiya, Yashwant K ^a,b,c  

^a Department of Environmental and Radiological Health Sciences   (United States)

^b Colorado State University   (United States)

^c IEEE   (United States)

Author keywords

Operating systems; Quantitative models; Security; Vulnerability

Indexed keywords

CONTROL ACCESS; DEFECT DENSITIES; SOFTWARE RELIABILITY; EQUIVALENT EFFORT; QUANTITATIVE MODELS; SECURITY; VULNERABILITY;

COMPUTER OPERATING SYSTEMS; CONTROL SYSTEMS; MATHEMATICAL MODELS; RISK ASSESSMENT; ESTIMATION; INTERACTIVE COMPUTER SYSTEMS; RELIABILITY THEORY; RISK MANAGEMENT;

COMPUTER SOFTWARE;

EID: 27744556127     PISSN: 0149144X     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (17)

1. Y. K. Malaiya and J. Denton, "What Do the Software Reliability Growth Model Parameters Represent?", Int. Symp. on Software Reliability Engineering, 1997. pp. 124-135.
2. E. E. Schultz Jr., D. S. Brown and T. A. Longstaff, Responding to Computer Security Incidents, Lawrence Livermore National Laboratory, July 23, 1990.
3. M. R. Lyu Ed., Handbook of Software Reliability Engineering, McGraw-Hill 1995.
4. J. D. Musa, A. Ianino, K. Okumuto, Software Reliability Measurement Prediction Application, McGraw-Hill, 1987.
5. S. Brocklehurst, B. Littlewood, T. Olovsson and E. Jonsson, "On Measurement of Operational Security". Proc. 9th Annual IEEE Conference on Computer Assurance, Gaithersburg, pp. 257-66, IEEE Computer Society, 1994.
6. B. Littlewood, S. Brocklehurst, N. Fenton, P. Mellor, S. Page, D. Wright; "Towards Operational Measures of Computer Security", Journal of Computer Security, V. 2 (2/3), pp 211-230, 1993.
7. M. Dacier, Y. Deswarte and M. Kaâniche, Quantitative Assessment of Operational Security: Models and Tools, Technical Report, LAAS Report 96493, May 1996.
8. I. Krusl, E. Spafford, M. Tripumtara, Computer Vulnerability Analysis, Department of Computer Sciences, Purdue University. COAST TR 98-07 1998.
9. W. A. Arbaugh, W. L. Fithen, J. McHugh, "Windows of Vulnerability: A Case Study Analysis", IEEE Computer, Vol. 33, No. 12, pp. 52-59, December 2000.
10. H. K. Browne, W. A. Arbaugh, J. McHugh, W.L. Fithen, "A Trend Analysis of Exploitation", Proc. IEEE Symposium on Security and Privacy, 2001, May 2001, pp. 214-229.
11. C.Y. Shim, R.E. Gantenbein, and S.Y. Shin, "Developing a Probabilistic Security Measure Using a Software Reliability Model", Information, October 2001, pp. 409-418.
12. O. H. Alhazmi, Y. K. Malaiya, I. Ray, Vulnerabilities in Major Operating Systems, Technical Report, Computer Science Department, Colorado State University, 2004.
13. ICAT Metabase, http://icat.nist.gov/icat.cfm, September 12, 2004.
14. Y. K. Malaiya, P. K. Srimani, "Software Reliability Models: Theoretical Development, Evaluation and Applications", IEEE Computer Society Press, 1990.
15. G. McGraw. "From the Ground Up: The DIMACS Software Security Workshop", IEEE Security & Privacy. March/April 2003. Volume 1, Number 2. pp. 59-66.
16. T. Longstaff, "CERT Experience with security problems in Software", Carnegie Mellon Univ., http://research.microsoft.com/projects/ SWSecInstitute/slides/Longstaff.pdf, June 2003.
17. th annual Computer Security applications conference, 2001, P358.