A Security Engineering Process for Vulnerability Assessment

Wei Li

A Security Engineering Process for Vulnerability Assessment

Wei Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper a practical security engineering process for vulnerability assessment (VA) is introduced. This process involves the use of an attack modeling technique referred to as exploitation graphs (e-graphs). An e-graph is a straightforward representation of the overall security status of a network environment by associating system configurations and known vulnerabilities existing on different hosts. The graph generation process is introduced. A case study shows the effectiveness of the proposed approach in evaluating VA activities for an operational network environment.

Original language	American English
Title of host publication	19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006
Pages	352-357
Number of pages	6
State	Published - 2006
Event	19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006 - Las Vegas, NV, United States Duration: Nov 13 2006 → Nov 15 2006

Publication series

Name	19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006

Conference

Conference	19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006
Country/Territory	United States
City	Las Vegas, NV
Period	11/13/06 → 11/15/06

ASJC Scopus Subject Areas

Computer Science Applications
Industrial and Manufacturing Engineering

Cite this

A Security Engineering Process for Vulnerability Assessment. / Li, Wei.
19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006. 2006. p. 352-357 (19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, W 2006, A Security Engineering Process for Vulnerability Assessment. in 19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006. 19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006, pp. 352-357, 19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006, Las Vegas, NV, United States, 11/13/06.

@inproceedings{092a1b263e4d4fa9afc2a4ce2523a11b,

title = "A Security Engineering Process for Vulnerability Assessment",

abstract = "In this paper a practical security engineering process for vulnerability assessment (VA) is introduced. This process involves the use of an attack modeling technique referred to as exploitation graphs (e-graphs). An e-graph is a straightforward representation of the overall security status of a network environment by associating system configurations and known vulnerabilities existing on different hosts. The graph generation process is introduced. A case study shows the effectiveness of the proposed approach in evaluating VA activities for an operational network environment.",

author = "Wei Li",

year = "2006",

language = "American English",

isbn = "9781604236750",

series = "19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006",

pages = "352--357",

booktitle = "19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006",

note = "19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006 ; Conference date: 13-11-2006 Through 15-11-2006",

}

TY - GEN

T1 - A Security Engineering Process for Vulnerability Assessment

AU - Li, Wei

PY - 2006

Y1 - 2006

N2 - In this paper a practical security engineering process for vulnerability assessment (VA) is introduced. This process involves the use of an attack modeling technique referred to as exploitation graphs (e-graphs). An e-graph is a straightforward representation of the overall security status of a network environment by associating system configurations and known vulnerabilities existing on different hosts. The graph generation process is introduced. A case study shows the effectiveness of the proposed approach in evaluating VA activities for an operational network environment.

AB - In this paper a practical security engineering process for vulnerability assessment (VA) is introduced. This process involves the use of an attack modeling technique referred to as exploitation graphs (e-graphs). An e-graph is a straightforward representation of the overall security status of a network environment by associating system configurations and known vulnerabilities existing on different hosts. The graph generation process is introduced. A case study shows the effectiveness of the proposed approach in evaluating VA activities for an operational network environment.

UR - https://www.scopus.com/pages/publications/84883308762

UR - https://www.scopus.com/pages/publications/84883308762#tab=citedBy

M3 - Conference contribution

AN - SCOPUS:84883308762

SN - 9781604236750

T3 - 19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006

SP - 352

EP - 357

BT - 19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006

T2 - 19th International Conference on Computer Applications in Industry and Engineering, CAINE 2006

Y2 - 13 November 2006 through 15 November 2006

ER -

A Security Engineering Process for Vulnerability Assessment

Abstract

Publication series

Conference

ASJC Scopus Subject Areas

Other files and links

Fingerprint

Cite this