Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

13616 Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS
Home Policy Brochure Browse Search User Area Contact Help

Houmb, S.H. and Nunes Leal Franqueira, V. and Engum, E.A. (2008) Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS. In: ISSRE 2008 Supplemental Proceedings: 1st Workshop on Dependable Software Engineering, 11 November 2008, Seattle, US. IEEE Computer Society. ISBN 978-1-4244-3417-6

Full text available as:


231 Kb
Open Access

Exported to Metis


Many safety and mission critical systems depend on the correct and secure operation of both supportive and core software systems. E.g., both the safety of personnel and the effective execution of core missions on an oil platform depend on the correct recording storing, transfer and interpretation of data, such as that for the Logging While Drilling (LWD) and Measurement While Drilling (MWD) subsystems. Here, data is recorded on site, packaged and then transferred to an on-shore operational centre. Today, the data is transferred on dedicated communication channels to ensure a secure and safe transfer, free from deliberately and accidental faults.

However, as the cost control is ever more important some of the transfer will be over remotely accessible infrastructure in the future. Thus, communication will be prone to known security vulnerabilities exploitable by outsiders. This paper presents a model that estimates risk level of known vulnerabilities as a combination of frequency and impact estimates derived from the Common Vulnerability Scoring System (CVSS). The model is implemented as a Bayesian Belief Network (BBN).

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-IS: Information Systems
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:VRIEND: Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized, IPID: Integrated Policy-based Intrusion Detection
ID Code:13616
Deposited On:04 February 2009
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item