Proceedings of the XXth Conference of Open Innovations Association FRUCT (Apr 2017)

Analytical attack modeling and security assessment based on the common vulnerability scoring system

  • Elena Doynikova,
  • Andrey Chechulin,
  • Igor Kotenko

DOI
https://doi.org/10.23919/FRUCT.2017.8071292
Journal volume & issue
Vol. 776, no. 20
pp. 53 – 61

Abstract

Read online

The paper analyzes an approach to the analytical attack modeling and security assessment on the base of the Common Vulnerability Scoring System (CVSS) format, considering different modifications that appeared in the new version of the CVSS specification. The common approach to the analytical attack modeling and security assessment was suggested by the authors earlier. The paper outlines disadvantages of previous CVSS version that influenced negatively on the results of the attack modeling and security assessment. Differences between new and previous CVSS versions are analyzed. Modifications of the approach to the analytical attack modeling and security assessment that follow from the CVSS modifications are suggested. Advantages of the modified approach are described. Case study that illustrates enhanced approach is provided.

Keywords