A model for android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies

Milda Petraityte; Ali Dehghantanha; Gregory Epiphaniou

doi:10.1007/978-3-319-73951-9_11

A model for android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies

Milda Petraityte
, Ali Dehghantanha
, Gregory Epiphaniou

Institute for Research in Applicable Computing (IRAC)

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

9 Citations (Scopus)

3 Downloads (Pure)

Abstract

Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.

Original language	English
Title of host publication	Cyber Threat Intelligence
Publisher	Springer
Volume	70
ISBN (Print)	9783319739519
DOIs	https://doi.org/10.1007/978-3-319-73951-9_11
Publication status	Published - 24 Apr 2018

Keywords

CVSS
Exploitability
Risk calculation
Vulnerability

Access to Document

10.1007/978-3-319-73951-9_11

1807Accepted author manuscript, 1.21 MBLicence: CC BY-NC-ND

https://link.springer.com/chapter/10.1007/978-3-319-73951-9_11

Handle.net

Persistent link

Cite this

@inbook{04c3e5500bd9488abe788ef93e60904b,

title = "A model for android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies",

abstract = "Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.",

keywords = "CVSS, Exploitability, Risk calculation, Vulnerability",

author = "Milda Petraityte and Ali Dehghantanha and Gregory Epiphaniou",

year = "2018",

month = apr,

day = "24",

doi = "10.1007/978-3-319-73951-9\_11",

language = "English",

isbn = "9783319739519",

volume = "70",

booktitle = "Cyber Threat Intelligence",

publisher = "Springer",

address = "Germany",

}

TY - CHAP

T1 - A model for android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies

AU - Petraityte, Milda

AU - Dehghantanha, Ali

AU - Epiphaniou, Gregory

PY - 2018/4/24

Y1 - 2018/4/24

N2 - Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.

AB - Various researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.

KW - CVSS

KW - Exploitability

KW - Risk calculation

KW - Vulnerability

U2 - 10.1007/978-3-319-73951-9_11

DO - 10.1007/978-3-319-73951-9_11

M3 - Chapter

SN - 9783319739519

VL - 70

BT - Cyber Threat Intelligence

PB - Springer

ER -

A model for android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies

Abstract

Keywords

Access to Document

Handle.net

Fingerprint

Cite this