Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS

S.H. Houmb, V. Nunes Leal Franqueira, E.A. Engum

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    Abstract

    Many safety and mission critical systems depend on the correct and secure operation of both supportive and core software systems. For example, both the safety of personnel and the effective execution of core missions on an oil platform depend on the correct recording, storing, transfer and interpretation of data, such as that for the Logging While Drilling (LWD) and Measurement While Drilling (MWD) subsystems. Here, data is recorded on site, packaged and then transferred to an on-shore operational centre. Today, the data is transferred on dedicated communication channels to ensure a secure and safe transfer, free from deliberate and accidental faults. However, as cost control is ever more important, some of the transfer will be over remotely accessible infrastructure in the future. Thus, communication will be prone to known security vulnerabilities exploitable by outsiders. This paper presents a model that estimates the risk level of known vulnerabilities as a combination of frequency and impact estimates derived from the Common Vulnerability Scoring System (CVSS). The model is implemented as a Bayesian Belief Network (BBN).
    Original language: Undefined
    Title of host publication: ISSRE 2008 Supplemental Proceedings: 1st Workshop on Dependable Software Engineering
    Place of Publication: USA
    Publisher: IEEE Computer Society Press
    Pages: -
    Number of pages: 6
    ISBN (Print): 978-1-4244-3417-6
    Publication status: Published - 11 Nov 2008
    Event: ISSRE 2008 Supplemental Proceedings: 1st Workshop on Dependable Software Engineering, Seattle, US: ISSRE 2008 Supplemental Proceedings: 1st Workshop on Dependable Software Engineering - Washington, US
    Duration: 11 Nov 2008 → …

    Publication series

    Name: IEEE CS Conference Proceedings
    Publisher: IEEE Computer Society Press
    Number: 08HT8968C

    Conference

    Conference: ISSRE 2008 Supplemental Proceedings: 1st Workshop on Dependable Software Engineering, Seattle, US
    City: Washington, US
    Period: 11/11/08 → …

    Keywords

    • EWI-13616
    • IR-65040
    • METIS-252060
    • IS-SECURITY
