Tongxin xuebao (Aug 2016)
Vulnerabilities scoring approach for cloud SaaS
Abstract
There are full of challenges to score vulnerabilities of cloud services developed by different third-party pro-viders.Although there have been a few systems for scoring vulnerabilities (e.g.,CVSS) of many existing software,most of them are unable to be leveraged to score vulnerabilities in cloud services,because they fail to consider some important factors located in the clouds such as business context (i.e.,dependency relationships between services).VScorer,a novel security frame work to score vulnerabilities in various cloud services were presented based on different given require-ments.By inputting concrete business context and security requirement into VScorer,cloud provider can get a ranking list of vulnerabilities in the business based on the given security requirement.Following the ranking list,cloud provider was able to patch the most critical vulnerabilities first.A prototype was developed and VScorer can be demonstrazed to work better than current representative vulnerability scoring system CVSS.