Los Angeles, CA
March 31, 2009 to April 2, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSIE.2009.947
Abstract We extend existing work on security metrics by proposing a method to monitor the state of system entities in real-time. The primary focus is assessing the risk to and from access control request sources and targets. This process is critical in building effective dynamic access control methods that utilize assessment data for policy enforcement. Information on vulnerability exploitation attempts is used to derive risk assessments for entities in the system. To validate the approach, we demonstrate the use of our assessment method on analyzing the sources and targets in a widely used intrusion detection data set.
Vulnerability Assessment, Risk Metrics
Hassan Rasheed, Randy Y.C. Chow, "Automated Risk Assessment for Sources and Targets of Vulnerability Exploitation", CSIE, 2009, 2009 WRI World Congress on Computer Science and Information Engineering, CSIE, 2009 WRI World Congress on Computer Science and Information Engineering, CSIE 2009, pp. 150-154, doi:10.1109/CSIE.2009.947