• Journal of Internet Computing and Services
    ISSN 2287 - 1136(Online) / ISSN 1598 - 0170 (Print)
    http://jics.or.kr/

A study on automation of AV(Atomic Vulnerability) ID assignment


Hyung-Jong Kim, Journal of Internet Computing and Services, Vol. 9, No. 6, pp. 49-62, Dec. 2008
Full Text:
Keywords: Meaning-based Vulnerability Identification, Vulnerability Assessment, Atomic vulnerability, Vulnerability Description Analysis

Abstract

AV (Atomic Vulnerability) is a conceptual definition representing a vulnerability in a systematic way, AVs are defined with respect to its type, location, and result. It is important information for meaning based vulnerability analysis method. Therefore the existing vulnerability can be expressed using multiple AVs, CVE (common vulnerability exposures) which is the most well-known vulnerability information describes the vulnerability exploiting mechanism using natural language. Therefore, for the AV-based analysis, it is necessary to search specific keyword from CVE's description and classify it using keyword and determination method. This paper introduces software design and implementation result, which can be used for atomic vulnerability analysis. The contribution of this work is in design and implementation of software which converts informal vulnerability description into formal AV based vulnerability definition.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Hyung-Jong Kim (2008). A study on automation of AV(Atomic Vulnerability) ID assignment. Journal of Internet Computing and Services, 9(6), 49-62.

[IEEE Style]
H. Kim, "A study on automation of AV(Atomic Vulnerability) ID assignment," Journal of Internet Computing and Services, vol. 9, no. 6, pp. 49-62, 2008.

[ACM Style]
Hyung-Jong Kim. 2008. A study on automation of AV(Atomic Vulnerability) ID assignment. Journal of Internet Computing and Services, 9, 6, (2008), 49-62.