A Model for Android and iOS Applications Risk Calculation: CVSS Analysis and Enhancement Using Case-Control Studies

Petraityte, Milda; Dehghantanha, Ali; Epiphaniou, Gregory

Cast your vote
You can rate an item by clicking the amount of stars they wish to award to this item. When enough users have cast their vote on this item, the average rating will also be shown.

Star rating

Your vote was cast
Thank you for your feedback

Authors

Petraityte, Milda
Dehghantanha, Ali
Epiphaniou, Gregory

Issue Date

2018

Metadata

Show full item record

Abstract

Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.

Publisher

Elsevier

URI

http://hdl.handle.net/2436/621491

Type

Chapter in book

Language

Description

Advances in Information Security book series (ADIS, volume 70).

ISBN

9783319739502

Collections

Faculty of Science and Engineering