Vulnerability modelling for hybrid IT systems

Attiq Ur-Rehman; Iqbal Gondal; Joarder Kamruzzuman; Alireza Jolfaei

doi:10.1109/ICIT.2019.8755005

Vulnerability modelling for hybrid IT systems

Attiq Ur-Rehman, Iqbal Gondal, Joarder Kamruzzuman, Alireza Jolfaei

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

21 Citations (Scopus)

Abstract

Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to the distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSS _IoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSS _IoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system but also exploits unique characteristics of IoT devices.

Original language	English
Title of host publication	Proceedings 2019 IEEE International Conference on Industrial Technology (ICIT)
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	1186-1191
Number of pages	6
ISBN (Electronic)	9781538663769
DOIs	https://doi.org/10.1109/ICIT.2019.8755005
Publication status	Published - 2019
Externally published	Yes
Event	20th IEEE International Conference on Industrial Technology, ICIT 2019 - Melbourne, Australia Duration: 13 Feb 2019 → 15 Feb 2019

Publication series

Name	IEEE International Conference on Industrial Technology
Publisher	IEEE
ISSN (Print)	2643-2978

Conference

Conference	20th IEEE International Conference on Industrial Technology, ICIT 2019
Country/Territory	Australia
City	Melbourne
Period	13/02/19 → 15/02/19

Keywords

CVSS
IoT
vunerability
supply chain
security
Supply chain
Cvss
Vulnerability
Security
Iot

Access to Document

10.1109/ICIT.2019.8755005

Cite this

@inproceedings{e10b82966f124b0f89c14837ccc5257d,

title = "Vulnerability modelling for hybrid IT systems",

abstract = "Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to the distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSS IoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSS IoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system but also exploits unique characteristics of IoT devices.",

keywords = "CVSS, IoT, vunerability, supply chain, security, Supply chain, Cvss, Vulnerability, Security, Iot",

author = "Attiq Ur-Rehman and Iqbal Gondal and Joarder Kamruzzuman and Alireza Jolfaei",

year = "2019",

doi = "10.1109/ICIT.2019.8755005",

language = "English",

series = "IEEE International Conference on Industrial Technology",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "1186--1191",

booktitle = "Proceedings 2019 IEEE International Conference on Industrial Technology (ICIT)",

address = "United States",

note = "20th IEEE International Conference on Industrial Technology, ICIT 2019 ; Conference date: 13-02-2019 Through 15-02-2019",

}

Ur-Rehman, A, Gondal, I, Kamruzzuman, J & Jolfaei, A 2019, Vulnerability modelling for hybrid IT systems. in Proceedings 2019 IEEE International Conference on Industrial Technology (ICIT). IEEE International Conference on Industrial Technology, Institute of Electrical and Electronics Engineers (IEEE), pp. 1186-1191, 20th IEEE International Conference on Industrial Technology, ICIT 2019, Melbourne, Victoria, Australia, 13/02/19. https://doi.org/10.1109/ICIT.2019.8755005

Vulnerability modelling for hybrid IT systems. / Ur-Rehman, Attiq; Gondal, Iqbal; Kamruzzuman, Joarder et al.
Proceedings 2019 IEEE International Conference on Industrial Technology (ICIT). Institute of Electrical and Electronics Engineers (IEEE), 2019. p. 1186-1191 (IEEE International Conference on Industrial Technology).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Vulnerability modelling for hybrid IT systems

AU - Ur-Rehman, Attiq

AU - Gondal, Iqbal

AU - Kamruzzuman, Joarder

AU - Jolfaei, Alireza

PY - 2019

Y1 - 2019

N2 - Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to the distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSS IoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSS IoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system but also exploits unique characteristics of IoT devices.

AB - Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to the distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSS IoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSS IoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system but also exploits unique characteristics of IoT devices.

KW - CVSS

KW - IoT

KW - vunerability

KW - supply chain

KW - security

KW - Supply chain

KW - Cvss

KW - Vulnerability

KW - Security

KW - Iot

UR - http://www.scopus.com/inward/record.url?scp=85069056225&partnerID=8YFLogxK

U2 - 10.1109/ICIT.2019.8755005

DO - 10.1109/ICIT.2019.8755005

M3 - Conference proceeding contribution

T3 - IEEE International Conference on Industrial Technology

SP - 1186

EP - 1191

BT - Proceedings 2019 IEEE International Conference on Industrial Technology (ICIT)

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 20th IEEE International Conference on Industrial Technology, ICIT 2019

Y2 - 13 February 2019 through 15 February 2019

ER -

Vulnerability modelling for hybrid IT systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this