System Insecurity in the Internet Age
IEEE Software
Maintaining Software with a Security Perspective
ICSM '02 Proceedings of the International Conference on Software Maintenance (ICSM'02)
OSDC: adapting ODC for developing more secure software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Hi-index | 0.00 |
To evaluate the security situation of Windows systems for different users on different security attributes, this paper proposes a quantitative assessment method based on vulnerability relationship graph (VRG) and an index-based assessment policy. Through introducing the correlative influences of vulnerabilities, VRG can be used to scientifically detect high risk vulnerabilities which can evoke multistage attacks although their threats on surface are very little. Analysis of 1085 vulnerabilities indicates that for trusted remote visitors, the security of Windows systems is lower while for distrusted remote visitors, they are relatively secure. But there is no obvious difference of the security risk on confidentiality, authenticity and availability of Windows systems. In several known versions, the security of Windows NT is almost lowest.