Assessment of Windows system security using vulnerability relationship graph

  • Authors:
  • Yongzheng Zhang;Binxing Fang;Yue Chi;Xiaochun Yun

  • Affiliations:
  • Research Center of Computer Network and Information Security Technology, Harbin Institute of Technology, Harbin, Heilongjiang, China (all four authors)

  • Venue:
  • CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
  • Year:
  • 2005

Abstract

To evaluate the security situation of Windows systems for different users and on different security attributes, this paper proposes a quantitative assessment method based on a vulnerability relationship graph (VRG) and an index-based assessment policy. By introducing the correlative influences of vulnerabilities, the VRG can be used to scientifically detect high-risk vulnerabilities that can lead to multistage attacks even though their threat appears very small on the surface. Analysis of 1085 vulnerabilities indicates that the security of Windows systems is lower for trusted remote visitors, while for distrusted remote visitors the systems are relatively secure. However, there is no obvious difference in the security risk to the confidentiality, authenticity and availability of Windows systems. Among several known versions, the security of Windows NT is almost the lowest.