Classes of Vulnerabilities and Attacks

@inproceedings{Meunier2008ClassesOV,
  title={Classes of Vulnerabilities and Attacks},
  author={Pascal Meunier},
  year={2008}
}
  • P. Meunier
  • Published 14 November 2008
  • Computer Science
In the first part of this article, popular vulnerability and attack types used in books, vulnerability disclosures, and databases are reviewed. They are discussed in the context of what makes them useful and how they fail to meet scientific criteria, without going into the exploit details. Practical efforts such as the various MITRE enumerations and lists of common security problems by other organizations are also reviewed. The second part discusses attempts at scientific classifications, with… 
A novel approach for software vulnerability classification
TLDR
A new approach for software vulnerability classification is proposed, which is based on vulnerability characteristics including accumulation of errors or resources consumption, strict timing requirement and complex interactions between environment and software.
Ontology based approach for perception of network security state
TLDR
This paper has proposed taxonomy and ontology which may be used to infer impact of various events happening in the network on security status of the network and a framework which uses this ontology as knowledgebase has been proposed.
Vulnerability Assessment In Cloud Computing
TLDR
This paper presents a vulnerability management framework for cloud computing that uses ontologies, a real world concepts that are modelled using an ontology language, to manage vulnerabilities in cloud.
A Testbed for the Evaluation of Web Intrusion Prevention Systems
  • Jeff Stuckman, J. Purtilo
  • Computer Science
    2011 Third International Workshop on Security Measurements and Metrics
  • 2011
TLDR
The concept of a benchmarking testbed, which automatically performs the evaluation in a standardized and reproducible way, is introduced, and it is determined that the testbed should automate several common web testing tasks on behalf of its modules in order to ease module development.
Taxonomy of malware detection techniques: A systematic literature review
TLDR
This study's aim is to scrutinize existing publications on malware to follow the trend that has taken place in the advancement and development with reference to the amount of information and sources of such literature.
Cybersecurity Snapshot: Google, Twitter, and Other Online Databases
TLDR
Reoccurring cyber threats, challenges associated with these threats, and emerging trends in the domain of cyber security are brought to light.
A Review of Fuzzing Tools and Methods
TLDR
All software applications of any significant size and complexity are still likely to contain undetected vulnerabilities and it is also frequently possible for skilled attackers to bypass any defences that are implemented at the operating system level.
Severity Prediction of Software Vulnerabilities Using Textual Data
TLDR
A prediction model is developed which will take textual description of Apache Tomcat vulnerabilities as input and will predict the severity of the vulnerabilities and it is observed that comparatively information gain gave better results among feature selection technique.
An Application Security Assessment of Popular Free Android Applications
TLDR
This work assesses 20 Android applications using a custom testing methodology based on the OWASP Mobile Project and looks for common vulnerabilities, evaluating existing vulnerability classifications and arguing which ones are most fitting to apply to Android vulnerabilities for educational and research purposes.
...
1
2
3
...

References

SHOWING 1-10 OF 47 REFERENCES
A Structured Approach to Classifying Security Vulnerabilities
TLDR
A classification scheme that uses attribute-value pairs to provide a multidimensional view of vulnerabilities is proposed and should lead to greater automation in analyzing code vulnerabilities and supporting effective communication between geographically remote vulnerability handling teams and vendors.
A Vulnerability Taxonomy Methodology applied to the Web Services
TLDR
A methodology for taxonomizing vulnerabilities based on the likelihood that they will be present in a certain system is presented, thereby providing a tool to focus efforts in securing Web Services.
A taxonomy of causes of software vulnerabilities in Internet software
TLDR
A structured taxonomy of the most frequently occuring causes of vulnerabilities is proposed, which can be useful in a number of scenarios: as an aid for developers, to avoid common pitfalls, as didactical material for students in software engineering or as a “checklist” for software testers or auditors.
Computer Vulnerability Analysis
TLDR
The analysis of each vulnerability identifies its characteristics, the [expected] policies violated by its exploitation, and contributes to the understanding of the steps that are needed for the eradication of these vulnerabilities in future programs.
A software flaw taxonomy
TLDR
This work coalesced previous efforts to categorize security problems as well as incident reports in order to create a security flaw taxonomy, and suggests that this taxonomy is suitable for tool developers and to outline possible areas of future research.
Common Vulnerability Scoring System
TLDR
The Common Vulnerability Scoring System is a public initiative designed to address this issue by presenting a framework for assessing and quantifying the impact of software vulnerabilities.
Vulnerabilities Analysis
This note presents a new model for classifying vulnerabilities in computer systems. The model is structurally different than earlier models, It decomposes vulnerabilities into small parts, called
The Case for Common Flaw Enumeration
TLDR
This work proposes to extend the coverage of the CVE concept into security-based code assessment tools and services to help shape and mature this new code security assessment industry and also dramatically accelerate the use and utility of these capabilities for organizations in reviewing the software systems they acquire or develop.
Protection Analysis: Final Report
TLDR
The primary goal of the project was to make protection evaluation both more effective and more economical by decomposing it into more manageable and methodical subtasks so as to drastically reduce the requirement for protection expertise and make it as independent as possible of the skills and motivation of the actual individuals involved.
A vulnerability taxonomy for network protocols: Corresponding engineering best practice countermeasures
TLDR
This paper attempts to document and classify network protocol related vulnerabilities and the corresponding engineering countermeasures, with a goal of helping the engineering teams not repeat the errors that are the root causes of these vulnerabilities.
...
1
2
3
4
5
...