From the January/February 2014 issue
k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities
By Lingyu Wang, Sushil Jajodia, Anoop Singhal, Pengsu Cheng, Steven Noel
By enabling a direct comparison of different security solutions with respect to their relative effectiveness, a network security metric may provide quantifiable evidence to assist security practitioners in securing computer networks. However, research on security metrics has been hindered by difficulties in handling zero-day attacks exploiting unknown vulnerabilities. In fact, the security risk of unknown vulnerabilities has been considered unmeasurable due to the less predictable nature of software flaws. This poses a major difficulty for security metrics, because a more secure configuration would be of little value if it were equally susceptible to zero-day attacks. In this paper, we propose a novel security metric, $k$-zero day safety, to address this issue. Instead of attempting to rank unknown vulnerabilities, our metric counts how many such vulnerabilities would be required for compromising network assets; a larger count implies more security because the likelihood of having more unknown vulnerabilities available, applicable, and exploitable all at the same time will be significantly lower.
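The counting idea in the abstract can be sketched as follows; this is an added illustration, not code from the paper or its authors. The network, host names and service names are constructed, and the model assumes that every remote service may hold one unknown vulnerability, that the same service on different hosts shares that vulnerability, and that the attacker starts on the host `attacker`.

```python
from itertools import combinations

# Constructed sample network (not from the paper): services exposed per host,
# and which hosts can open connections to which.
SERVICES = {"web": {"http"}, "app": {"ssh", "rmi"}, "db": {"ssh", "sql"}}
REACH = {"attacker": {"web"}, "web": {"app"}, "app": {"db"}, "db": set()}
# Alternative configuration to compare against: ssh disabled on the db host.
HARDENED = dict(SERVICES, db={"sql"})


def compromised(zero_days, services, reach, start="attacker"):
    """Hosts the attacker controls if only the services in zero_days are exploitable."""
    owned, frontier = {start}, [start]
    while frontier:
        src = frontier.pop()
        for dst in reach.get(src, ()):
            # A host falls if it is reachable and exposes a vulnerable service.
            if dst not in owned and services.get(dst, set()) & zero_days:
                owned.add(dst)
                frontier.append(dst)
    return owned


def k_zero_day(asset, services, reach, start="attacker"):
    """Smallest number of distinct zero-day vulnerabilities that compromises asset.

    Returns (k, witness_set), or (None, None) when the asset stays out of
    reach even if every service is vulnerable. Exhaustive search over
    service subsets, so only suitable for small models.
    """
    all_services = sorted(set().union(*services.values()))
    for k in range(len(all_services) + 1):
        for combo in combinations(all_services, k):
            if asset in compromised(set(combo), services, reach, start):
                return k, set(combo)
    return None, None


if __name__ == "__main__":
    for name, cfg in (("baseline", SERVICES), ("hardened", HARDENED)):
        k, witness = k_zero_day("db", cfg, REACH)
        print(f"{name}: k = {k}, one minimal set = {sorted(witness)}")
```

In the baseline, one ssh zero-day is reused on both `app` and `db`, so the database is only 2-zero-day safe; disabling ssh on `db` forces a third distinct vulnerability, which is the kind of configuration comparison the metric is meant to support.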
TDSC is published using the OnlinePlus publishing model
IEEE Transactions on Dependable and Secure Computing (TDSC) is a bimonthly journal that publishes archival research results focusing on foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance.