Assessing the risk of using vulnerable components

Advances in Information Security

Volumn 23, Issue , 2006, Pages 65-77

  Balzarotti, Davide ^a   Monga, Mattia ^b   Sicari, Sabrina ^c  

^a POLITECNICO DI MILANO   (Italy)

^b UNIVERSITY OF MILAN   (Italy)

^c UNIVERSITY OF CATANIA   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84882663975     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-36584-8_6     Document Type: Article

References (20)

1. http://msgs.securepoint.com/bugtraq/.
2. Christopher Alberts, Audree Dorofee, James Stevens, and Carol Woody. Introduction to the Octave approach, http://www.cert.org/octave/, 2003.
3. Richard Baskerville. Information system security design methods: Implications for information systems development. ACM Computing Survey, 25(4):375-412, 1993.
4. Gautam Biswas, Kenneth A. Debelak, and Kazuhiko Kawamura. Application of qualitative modelling to knoweledge-based risk assessment studies, lEA-dIE '89: Second International Conference on Industrial & Engineering Applications of Artificial Intelligence & Expert Systems-dCM, pages 92-101, 1989.
5. B. Jenkins. Risk analysis helps establish a good security posture; risk management keeps it that way. whitepaper, pages 1-16, 1998.
6. CERT. Technical report 2001-tn-001.
7. Harvey M. Deitel, Paul J. Deitel, B. DuWaldt, and L. K. Trees. Web Services: A Technical Introduction. Prentice ttall, 2002.
8. Zaid Dwaikat and Francesco Parisi-Presicce. Risky trust: Risk-based analysis of software system. Proceedings of the first workshop on Software Engineering for, Secure Systems (SESS05).
9. S. Evans, D. Heinbuch, E. Kyle, J. Piorkowski, and J. Wallener. Risk-based system security engineering: Stopping attacks with intention. IEEE Security & Privacy, pages 59-62, 2004.
10. Network Working Group. Internet security glossary, http://rfc.net/rfc2828.html, May 2000. Request for Comments: 2828.
11. Michael Howard and David Leblanc. Writing secure Code. Microsoft Press, 2003.
12. Khaled Khan, Jun Han, and Yuliang Zheng. A framework for an active interface to characterize compositional security contracts of software components. 2001 Australian Software Engineering Conference (dSWECO1)-IEEE Computer Society Press, pages 117-126.
13. I.S. Moskowitz and M.H. Kang. An insecurity flow model. Proceedings of New Security Paradigms workshop, 1997.
14. S. Noel, S. Jajoidia, B. O'Berry, and M. Jacobs. Efficient minimum-cost network hardening via exploit dependency graphs. Proceedings of ACSAC'03.
15. M. Elisabeth Pate-Cornell. Fault tree vs. event trees in reliability analysis. Risk Analysis, 4(3):177-186, 1984.
16. Mehmet Sahinoglu. Security meter:a pratical decision-tree model to quantify risk. IEEE Security & Privacy, 3(3):18-24, May/June 2005.
17. Bruce Schneier. Modelling security threats. Dr. Dobb's Journal, dec 1999.
18. Gunter P. Sharp, Philip H. Enslow, Shamkant B. Navathe, and Fariborz Farhmand. Managing vulnerabilities of information system to security incindets. ACM International Conference: 5th international conference on Electronic commerce, pages 348-354, 2003.
19. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J.M. Wing. Automated generation and analysis of attack graphs. Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P '02).
20. Thomas Siu. Risk-eye for IT security guy. Gsec, pages 1-20, 2004.