Item

A model for Android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies

Petraityte, Milda
Dehghantanha, Ali
Epiphaniou, Gregory
Authors
Petraityte, Milda
 Dehghantanha, Ali
 Epiphaniou, Gregory
Editors
Other contributors
Affiliation
Epub Date
Issue Date
2018
Submitted date
Subjects
CVSS
 Risk management
 Risk calculation
 Vulnerability
 Exploitability
Show all metadata
Alternative
Abstract
Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.
Citation
Publisher
Elsevier
Journal
Research Unit
URI
http://hdl.handle.net/2436/621491
DOI
PubMed ID
PubMed Central ID
Embedded videos
Additional Links
Type
Chapter in book
Language
en
Description
Advances in Information Security book series (ADIS, volume 70): Cyber Threat Intelligence
Series/Report no.
ISSN
EISSN
ISBN
9783319739502
ISMN
Gov't Doc #
Sponsors
Rights
Research Projects
Organizational Units
Journal Issue
Embedded videos
Collections
Faculty of Science and Engineering