Hyung-Jong Kim, Journal of Internet Computing and Services, Vol. 9, No. 6, pp. 49-62, Dec. 2008
Full Text:
Keywords: Meaning-based Vulnerability Identification, Vulnerability Assessment, Atomic vulnerability, Vulnerability Description Analysis

Abstract

AV (Atomic Vulnerability) is a conceptual definition representing a vulnerability in a systematic way, AVs are defined with respect to its type, location, and result. It is important information for meaning based vulnerability analysis method. Therefore the existing vulnerability can be expressed using multiple AVs, CVE (common vulnerability exposures) which is the most well-known vulnerability information describes the vulnerability exploiting mechanism using natural language. Therefore, for the AV-based analysis, it is necessary to search specific keyword from CVE's description and classify it using keyword and determination method. This paper introduces software design and implementation result, which can be used for atomic vulnerability analysis. The contribution of this work is in design and implementation of software which converts informal vulnerability description into formal AV based vulnerability definition.

Statistics
Cite this article