Visible to the public Vulnerability Modelling for Hybrid IT Systems

TitleVulnerability Modelling for Hybrid IT Systems
Publication TypeConference Paper
Year of Publication2019
AuthorsUr-Rehman, Attiq, Gondal, Iqbal, Kamruzzuman, Joarder, Jolfaei, Alireza
Conference Name2019 IEEE International Conference on Industrial Technology (ICIT)
Date PublishedFeb. 2019
PublisherIEEE
ISBN Number978-1-5386-6376-9
Keywordsactual vulnerabilities, attack paths, Australia, Common Vulnerability Scoring System, Complexity theory, computer network security, Computing Theory, critical nodes, CVSS, CVSS v3 framework, CVSSIoT, Embedded systems, improved vulnerability scoring system, industry standard, Internet of Things, IoT, IoT devices, IoT embedded networks, IoT systems, Measurement, Metrics, national vulnerability database, Network topology, pubcrawl, realistic IT supply chain system, Safety, security, security metrics, supply chain, Topology, traditional computer systems, traditional IT security models, Vulnerability, Vulnerability Evaluation, vulnerability modelling
Abstract

Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.

URLhttps://ieeexplore.ieee.org/document/8755005/
DOI10.1109/ICIT.2019.8755005
Citation Keyur-rehman_vulnerability_2019