EEMCS EPrints Service


Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS

Houmb, S.H. and Nunes Leal Franqueira, V. and Engum, E.A. (2008) Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS. In: ISSRE 2008 Supplemental Proceedings: 1st Workshop on Dependable Software Engineering, 11 November 2008, Seattle, US. IEEE Computer Society. ISBN 978-1-4244-3417-6

Full text available as: PDF, 231 Kb, Open Access

Abstract

Many safety and mission critical systems depend on the correct and secure operation of both supportive and core software systems. For example, both the safety of personnel and the effective execution of core missions on an oil platform depend on the correct recording, storing, transfer and interpretation of data, such as that for the Logging While Drilling (LWD) and Measurement While Drilling (MWD) subsystems. Here, data is recorded on site, packaged and then transferred to an on-shore operational centre. Today, the data is transferred on dedicated communication channels to ensure a secure and safe transfer, free from deliberate and accidental faults.

However, as cost control becomes ever more important, some of the transfer will take place over remotely accessible infrastructure in the future. Thus, communication will be prone to known security vulnerabilities exploitable by outsiders. This paper presents a model that estimates the risk level of known vulnerabilities as a combination of frequency and impact estimates derived from the Common Vulnerability Scoring System (CVSS). The model is implemented as a Bayesian Belief Network (BBN).

Item Type: Conference or Workshop Paper (Full Paper, Talk)
Research Group: EWI-IS: Information Systems
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: VRIEND: Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized, IPID: Integrated Policy-based Intrusion Detection
ID Code: 13616
Status: Published
Deposited On: 04 February 2009
Refereed: Yes
International: Yes