Vulnerability Modelling for Hybrid IT Systems
| Title | Vulnerability Modelling for Hybrid IT Systems |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Ur-Rehman, Attiq, Gondal, Iqbal, Kamruzzuman, Joarder, Jolfaei, Alireza |
| Conference Name | 2019 IEEE International Conference on Industrial Technology (ICIT) |
| Date Published | Feb. 2019 |
| Publisher | IEEE |
| ISBN Number | 978-1-5386-6376-9 |
| Keywords | actual vulnerabilities, attack paths, Australia, Common Vulnerability Scoring System, Complexity theory, computer network security, Computing Theory, critical nodes, CVSS, CVSS v3 framework, CVSSIoT, Embedded systems, improved vulnerability scoring system, industry standard, Internet of Things, IoT, IoT devices, IoT embedded networks, IoT systems, Measurement, Metrics, national vulnerability database, Network topology, pubcrawl, realistic IT supply chain system, Safety, security, security metrics, supply chain, Topology, traditional computer systems, traditional IT security models, Vulnerability, Vulnerability Evaluation, vulnerability modelling |
| Abstract | Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices. |
| URL | https://ieeexplore.ieee.org/document/8755005/ |
| DOI | 10.1109/ICIT.2019.8755005 |
| Citation Key | ur-rehman_vulnerability_2019 |
- security
- IoT systems
- Measurement
- Metrics
- national vulnerability database
- network topology
- pubcrawl
- realistic IT supply chain system
- Safety
- IoT embedded networks
- Security Metrics
- Supply Chain
- Topology
- traditional computer systems
- traditional IT security models
- Vulnerability
- Vulnerability Evaluation
- vulnerability modelling
- CVSS v3 framework
- attack paths
- Australia
- Common Vulnerability Scoring System
- Complexity theory
- computer network security
- Computing Theory
- critical nodes
- CVSS
- actual vulnerabilities
- CVSSIoT
- embedded systems
- improved vulnerability scoring system
- industry standard
- Internet of Things
- IoT
- IoT devices