Authentication metric analysis and design
ACM Transactions on Information and System Security (TISSEC)
Practical byzantine fault tolerance and proactive recovery
ACM Transactions on Computer Systems (TOCS)
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Protecting Respondents' Identities in Microdata Release
IEEE Transactions on Knowledge and Data Engineering
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Quality of protection: measuring the unmeasurable?
Proceedings of the 2nd ACM workshop on Quality of protection
A weakest-adversary security metric for network configuration security analysis
Proceedings of the 2nd ACM workshop on Quality of protection
Common Vulnerability Scoring System
IEEE Security and Privacy
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Minimum-cost network hardening using attack graphs
Computer Communications
Estimating a System's Mean Time-to-Compromise
IEEE Security and Privacy
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Measuring network security using dynamic bayesian network
Proceedings of the 4th ACM workshop on Quality of protection
Empirical Estimates and Observations of 0Day Vulnerabilities
HICSS '09 Proceedings of the 42nd Hawaii International Conference on System Sciences
Modeling Modern Network Attacks and Countermeasures Using Attack Graphs
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Hi-index | 0.00 |
The security risk of a network against unknown zero day attacks has been considered as something unmeasurable since software flaws are less predictable than hardware faults and the process of finding such flaws and developing exploits seems to be chaotic [10]. In this paper, we propose a novel security metric, k-zero day safety, based on the number of unknown zero day vulnerabilities. That is, the metric simply counts how many unknown vulnerabilities would be required for compromising a network asset, regardless of what vulnerabilities those might be. We formally define the metric based on an abstract model of networks and attacks. We then devise algorithms for computing the metric. Finally, we show the metric can quantify many existing practices in hardening a network.