Sökning: onr:"swepub:oai:DiVA.org:kth-91649" >
Success Rate of Rem...
Success Rate of Remote Code Execution Attacks : Expert Assessments and Observations
-
- Holm, Hannes (författare)
- KTH,Industriella informations- och styrsystem
-
- Sommestad, Teodor (författare)
- KTH,Industriella informations- och styrsystem
-
- Franke, Ulrik (författare)
- KTH,Industriella informations- och styrsystem
-
visa fler...
-
- Ekstedt, Mathias (författare)
- KTH,Industriella informations- och styrsystem
-
visa färre...
-
(creator_code:org_t)
- J.UCS consortium, 2012
- 2012
- Engelska.
-
Ingår i: Journal of universal computer science (Online). - : J.UCS consortium. - 0948-695X .- 0948-6968. ; 18:6, s. 732-749
- Relaterad länk:
-
http://www.jucs.org/...
-
visa fler...
-
https://kth.diva-por... (primary) (Raw object)
-
https://urn.kb.se/re...
-
https://doi.org/10.3...
-
visa färre...
Abstract
Ämnesord
Stäng
- This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant. Estimates by the experts are compared to observations of actual attacks carried out during the cyber defense exercise. These comparisons show that experts' in general provide fairly inaccurate advice on an abstraction level such as in the present study. However, results also show a prediction model constructed through expert judgment likely is of better quality if the experts' estimates are weighted according to their expertise.
Ämnesord
- TEKNIK OCH TEKNOLOGIER -- Elektroteknik och elektronik (hsv//swe)
- ENGINEERING AND TECHNOLOGY -- Electrical Engineering, Electronic Engineering, Information Engineering (hsv//eng)
Nyckelord
- Cyber security
- Remote code execution
- Software vulnerabilities
Publikations- och innehållstyp
- ref (ämneskategori)
- art (ämneskategori)
Hitta via bibliotek
Till lärosätets databas