Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to the distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSS IoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSS IoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system but also exploits unique characteristics of IoT devices.
|IEEE International Conference on Industrial Technology
|20th IEEE International Conference on Industrial Technology, ICIT 2019
|13/02/19 → 15/02/19
- supply chain
- Supply chain