Computer Science and Information Engineering, World Congress on (2009)
Los Angeles, California USA
Mar. 31, 2009 to Apr. 2, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSIE.2009.947
Abstract We extend existing work on security metrics by proposing a method to monitor the state of system entities in real-time. The primary focus is assessing the risk to and from access control request sources and targets. This process is critical in building effective dynamic access control methods that utilize assessment data for policy enforcement. Information on vulnerability exploitation attempts is used to derive risk assessments for entities in the system. To validate the approach, we demonstrate the use of our assessment method on analyzing the sources and targets in a widely used intrusion detection data set.
Vulnerability Assessment, Risk Metrics
H. Rasheed and R. Y. Chow, "Automated Risk Assessment for Sources and Targets of Vulnerability Exploitation," 2009 WRI World Congress on Computer Science and Information Engineering, CSIE(CSIE), Los Angeles, CA, 2009, pp. 150-154.