Institutional Repository of the Institute of Software, Chinese Academy of Sciences
Title: VRank: A Context-Aware Approach to Vulnerability Scoring and Ranking in SOA
Author: Jiang Jianchun ; Ding Liping ; Zhai Ennan ; Yu Ting
Source: Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Conference Name: 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012
Conference Date: June 20, 2012 - June 22, 2012
Issued Date: 2012
Conference Place: Gaithersburg, MD, United States
Keyword: Information services ; Service oriented architecture (SOA) ; Software reliability
Indexed Type: EI
ISBN: 9780769547428
Department: (1) Institute of Software Chinese Academy of Sciences China; (2) North Carolina State University United States
Sponsorship: IEEE Reliability Society
Abstract: With the rapid adoption of the concepts of Service Oriented Architecture (SOA), sophisticated business processes and tasks are increasingly realized through composing distributed software components offered by different providers. Though such practices offer advantages in terms of cost-effectiveness and flexibility, those components are not immune to vulnerabilities. It is therefore important for the administrator of some composed service to evaluate the threats of such vulnerabilities accordingly within limited available information. Since almost all the existing efforts (e.g., CVSS) fail to consider specific context-aware information which is the specific character of SOA, they could not be adopted into SOA for scoring vulnerabilities. In this paper, we present VRank, a novel framework for the scoring and ranking of vulnerabilities in SOA. Different from existing efforts, for a given vulnerability, VRank not only considers its intrinsic properties (e.g., exploitability), but also takes into account the contexts of the services having this vulnerability, e.g., what roles they play in the composed service and how critical it is to the security objective of the service. The resulting scoring and ranking of vulnerabilities are thus highly relevant and meaningful to the composed service. We present the detailed design of VRank, and compare it with CVSS. Our experiments indicate VRank is able to provide much more useful ranking lists of vulnerabilities for complex composed services. © 2012 IEEE.
Language: English
Content Type: Conference paper
URI: http://ir.iscas.ac.cn/handle/311060/15754
Appears in Collections: Institute of Software Library_Conference Papers

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Jiang Jianchun, Ding Liping, Zhai Ennan, et al. VRank: A Context-Aware Approach to Vulnerability Scoring and Ranking in SOA [C]. In: 2012 IEEE 6th International Conference on Software Security and Reliability, SERE 2012. Gaithersburg, MD, United States. June 20, 2012 - June 22, 2012.