A NEW VULNERABILITY TAXONOMY BASED ON PRIVILEGE ESCALATION

Zhang Yongzheng, Yun Xiaochun

Abstract

Computer security vulnerabilities seriously compromise system security. To understand the causes of known vulnerabilities in depth and to prevent them, this paper develops a new taxonomic character and then integrates a privilege-escalation-based vulnerability taxonomy with a multidimensional quantitative attribute. This taxonomy greatly contributes to further research on security risk assessment of computer systems.



Paper Citation


in Harvard Style

Yongzheng Z. and Xiaochun Y. (2004). A NEW VULNERABILITY TAXONOMY BASED ON PRIVILEGE ESCALATION. In Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-00-7, pages 596-600. DOI: 10.5220/0002593205960600


in Bibtex Style

@conference{iceis04,
author={Zhang Yongzheng and Yun Xiaochun},
title={A NEW VULNERABILITY TAXONOMY BASED ON PRIVILEGE ESCALATION},
booktitle={Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2004},
pages={596-600},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002593205960600},
isbn={972-8865-00-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - A NEW VULNERABILITY TAXONOMY BASED ON PRIVILEGE ESCALATION
SN - 972-8865-00-7
AU - Yongzheng Z.
AU - Xiaochun Y.
PY - 2004
SP - 596
EP - 600
DO - 10.5220/0002593205960600