Wormability: A Description for Vulnerabilities

Authors: Thomas Ptacek, Jose Nazario, Dug Song

DOI:

Keywords: Vulnerability, Vulnerability assessment, Geography, Leverage (statistics), Exploit, Vulnerable population, The Internet, Computer security, Current time

Abstract: It is well understood that not all vulnerabilities are or can become potential worms. However, the characteristics that lead to a vulnerability being used in a worm are poorly described and modeled. To facilitate evaluating new announcements and to create a descriptive risk landscape, we introduce a mathematical description for a vulnerability’s “wormability,” or its use as a means of propagation. This model provides an interrelation between the exploit required to leverage the vulnerability, the size and nature of the vulnerable population, the time intervals between publication and the current time, and the general landscape on the Internet as a whole. Using this model, we provide a measure of the possibility of several vulnerabilities becoming worms in the near future, along with explanations of why some are inherently “wormable.”

References (19)
Darrell Martin Kienzle, William A. Wulf, Practical computer security analysis. University of Virginia (1998)
Per Kaijser, Ulf Lindqvist, Erland Jonsson, The Remedy Dimension of Vulnerability Analysis (1998)
Jose Nazario, Chris Connelly, The Future of Internet Worms (2001)
Vern Paxson, Stuart Staniford, Nicholas Weaver, Stefan Savage, Colleen Shannon, David Moore, The Spread of the Sapphire/Slammer Worm (2003)
Eliot A. Cohen, John Arquilla, David F. Ronfeldt, Networks and Netwars: The Future of Terror, Crime, and Militancy. Foreign Affairs, vol. 81, pp. 182- (2002), 10.2307/20033106
Vern Paxson, Stuart Staniford, Nicholas Weaver, How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002)
Matt Bishop, David Bailey, A Critical Analysis of Vulnerability Taxonomies. Defense Technical Information Center (1996), 10.21236/ADA453251
Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi, A Taxonomy of Computer Program Security Flaws, with Examples. Defense Technical Information Center (1994), 10.21236/ADA465587