TO STUDY AND ANALYZE THE IMPACT OF CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY (CIA) ON COMMON VULNERABILITY SCORING SYSTEM (CVSS) BASE SCORE
Main Article Content
Abstract
The Common Vulnerability Exposure (CVE) is a dictionary of publically known vulnerabilities. The Common Vulnerability Scoring System (CVSS) is a standard vulnerability severity scoring system to assign scores to vulnerabilities identified under CVE. The CVSS is calculated based on three metrics viz. Base metric, Temporal metric, and Environmental metric. The base metric defines the fundamental characteristics of the vulnerability. The temporal metrics define the characteristics of vulnerability which change over the time and the environmental metrics define the characteristics of the vulnerability specific to particular user’s or organization’s environment. The CVSS base score is available, in CVE dictionary and it can be refined by calculating and adding temporal and environmental metric score. In this paper, our objective is to compare and analyze the CVSS base score with an adjusted base score generated after adding user context requirement for CIA. To achieve this objective we have selected Google Android as a platform and apply CIA requirement in user context in various combinations of score viz. High, Low and Medium. The generated adjusted based score was analyzed and compared with existing base score to understand the impact of CIA on vulnerability severity score.
Downloads
Download data is not yet available.
Article Details
Section
Articles
COPYRIGHT
Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.