A methodology for ranking cloud system vulnerabilities
作者: Patrick Kamongi , Srujan Kotikela , Mahadevan Gomathisankaran , Krishna Kavi
DOI: 10.1109/ICCCNT.2013.6726854
关键词:
摘要: Nowadays there is a high demand for security assurance within Cloud Computing world. To meet this demand, practitioners attempt to assess vulnerabilities that any given cloud system may have, however task present some challenges when exposed complex system. Different tools have been developed facilitate the discovery process. In paper we propose new methodology ranking vulnerabilities. We designed and working model. It starts with process from our custom web application ends up unified simple view of ranked mounted on each prioritized generated attack paths.
sci-hub.se 参考文章(6)
Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia, An Attack Graph-Based Probabilistic Security Metric Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security. ,vol. 5094, pp. 283- 296 ,(2008) , 10.1007/978-3-540-70567-3_22
Sören Bleikertz, Matthias Schunter, Christian W. Probst, Dimitrios Pendarakis, Konrad Eriksson, Security audits of multi-tier virtual infrastructures in public infrastructure clouds cloud computing security workshop. pp. 93- 102 ,(2010) , 10.1145/1866835.1866853
Jeannette Wing, Oleg Mikhail Sheyner, Scenario graphs and attack graphs Carnegie Mellon University. ,(2004)
Jelena Mirkovic, Peter Reiher, Christos Papadopoulos, Alefiya Hussain, Marla Shepard, Michael Berg, Robert Jung, Testing a Collaborative DDoS Defense In a Red Team/Blue Team Exercise IEEE Transactions on Computers. ,vol. 57, pp. 1098- 1112 ,(2008) , 10.1109/TC.2008.42
Patrick Kamongi, Srujan Kotikela, Krishna Kavi, Mahadevan Gomathisankaran, Anoop Singhal, VULCAN: Vulnerability Assessment Framework for Cloud Computing 2013 IEEE 7th International Conference on Software Security and Reliability. pp. 218- 226 ,(2013) , 10.1109/SERE.2013.31
Jeannette Wing, Oleg Sheyner, Tools for generating and analyzing attack graphs Lecture Notes in Computer Science. pp. 344- 371 ,(2004)