Vulnerabilities scoring approach for cloud SaaS
There are full of challenges to score vulnerabilities of cloud services developed by different third-party pro-viders.Although there have been a few systems for scoring vulnerabilities (e.g.,CVSS) of many existing software,most of them are unable to be leveraged to score vulnerabilities in cloud ser...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2016-08-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016166/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539221728264192 |
|---|---|
| author | Zhou LI Cong TANG Jian-bin HU Zhong CHEN |
| author_facet | Zhou LI Cong TANG Jian-bin HU Zhong CHEN |
| author_sort | Zhou LI |
| collection | DOAJ |
| description | There are full of challenges to score vulnerabilities of cloud services developed by different third-party pro-viders.Although there have been a few systems for scoring vulnerabilities (e.g.,CVSS) of many existing software,most of them are unable to be leveraged to score vulnerabilities in cloud services,because they fail to consider some important factors located in the clouds such as business context (i.e.,dependency relationships between services).VScorer,a novel security frame work to score vulnerabilities in various cloud services were presented based on different given require-ments.By inputting concrete business context and security requirement into VScorer,cloud provider can get a ranking list of vulnerabilities in the business based on the given security requirement.Following the ranking list,cloud provider was able to patch the most critical vulnerabilities first.A prototype was developed and VScorer can be demonstrazed to work better than current representative vulnerability scoring system CVSS. |
| format | Article |
| id | doaj-art-a5d61fa82b3446bd964da3db75d00285 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2016-08-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-a5d61fa82b3446bd964da3db75d002852025-01-14T07:25:35ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2016-08-013715716659702997Vulnerabilities scoring approach for cloud SaaSZhou LICong TANGJian-bin HUZhong CHENThere are full of challenges to score vulnerabilities of cloud services developed by different third-party pro-viders.Although there have been a few systems for scoring vulnerabilities (e.g.,CVSS) of many existing software,most of them are unable to be leveraged to score vulnerabilities in cloud services,because they fail to consider some important factors located in the clouds such as business context (i.e.,dependency relationships between services).VScorer,a novel security frame work to score vulnerabilities in various cloud services were presented based on different given require-ments.By inputting concrete business context and security requirement into VScorer,cloud provider can get a ranking list of vulnerabilities in the business based on the given security requirement.Following the ranking list,cloud provider was able to patch the most critical vulnerabilities first.A prototype was developed and VScorer can be demonstrazed to work better than current representative vulnerability scoring system CVSS.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016166/SaaScloud servicevulnerability scoring systemCVSS |
| spellingShingle | Zhou LI Cong TANG Jian-bin HU Zhong CHEN Vulnerabilities scoring approach for cloud SaaS Tongxin xuebao SaaS cloud service vulnerability scoring system CVSS |
| title | Vulnerabilities scoring approach for cloud SaaS |
| title_full | Vulnerabilities scoring approach for cloud SaaS |
| title_fullStr | Vulnerabilities scoring approach for cloud SaaS |
| title_full_unstemmed | Vulnerabilities scoring approach for cloud SaaS |
| title_short | Vulnerabilities scoring approach for cloud SaaS |
| title_sort | vulnerabilities scoring approach for cloud saas |
| topic | SaaS cloud service vulnerability scoring system CVSS |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016166/ |
| work_keys_str_mv | AT zhouli vulnerabilitiesscoringapproachforcloudsaas AT congtang vulnerabilitiesscoringapproachforcloudsaas AT jianbinhu vulnerabilitiesscoringapproachforcloudsaas AT zhongchen vulnerabilitiesscoringapproachforcloudsaas |