語系:
繁體中文
English
說明(常見問題)
回圖書館首頁
手機版館藏查詢
登入
回首頁
切換:
標籤
|
MARC模式
|
ISBD
Quantitative risk analysis of comput...
~
Bilar, Daniel.
FindBook
Google Book
Amazon
博客來
Quantitative risk analysis of computer networks.
紀錄類型:
書目-電子資源 : Monograph/item
正題名/作者:
Quantitative risk analysis of computer networks./
作者:
Bilar, Daniel.
面頁冊數:
131 p.
附註:
Source: Dissertation Abstracts International, Volume: 64-11, Section: B, page: 5598.
Contained By:
Dissertation Abstracts International64-11B.
標題:
Computer Science. -
電子資源:
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3114255
Quantitative risk analysis of computer networks.
Bilar, Daniel.
Quantitative risk analysis of computer networks.
- 131 p.
Source: Dissertation Abstracts International, Volume: 64-11, Section: B, page: 5598.
Thesis (Ph.D.)--Dartmouth College, 2003.
Quantitative Risk Analysis of Computer Networks (QSRA) addresses the problem of risk opacity of software in networks. It allows risk managers to get a detailed and comprehensive snapshot of the constitutive software on the network, assess its risk with assistance of a vulnerability database, and manage that risk by rank ordering measures that should be taken in order to reduce it, subject to cost, functionality and risk constraints. A theoretical methodology is proposed and a prototype implementation has been developed. Six out-of-the-box popular operating systems were studied using the methodology and the prototype.Subjects--Topical Terms:
626642
Computer Science.
Quantitative risk analysis of computer networks.
LDR
:02959nmm 2200301 4500
001
1861053
005
20041111103539.5
008
130614s2003 eng d
035
$a
(UnM)AAI3114255
035
$a
AAI3114255
040
$a
UnM
$c
UnM
100
1
$a
Bilar, Daniel.
$3
1948670
245
1 0
$a
Quantitative risk analysis of computer networks.
300
$a
131 p.
500
$a
Source: Dissertation Abstracts International, Volume: 64-11, Section: B, page: 5598.
500
$a
Chairperson: George Cybenko.
502
$a
Thesis (Ph.D.)--Dartmouth College, 2003.
520
$a
Quantitative Risk Analysis of Computer Networks (QSRA) addresses the problem of risk opacity of software in networks. It allows risk managers to get a detailed and comprehensive snapshot of the constitutive software on the network, assess its risk with assistance of a vulnerability database, and manage that risk by rank ordering measures that should be taken in order to reduce it, subject to cost, functionality and risk constraints. A theoretical methodology is proposed and a prototype implementation has been developed. Six out-of-the-box popular operating systems were studied using the methodology and the prototype.
520
$a
We find that around 75% of discovered vulnerabilities are patchable within two weeks, and around 90% within 40 days after initial discovery. We find a statistically significant time window difference between security-audited and non-security audited software. Across the operating systems, the majority of faults give rise to availability and full compromise consequences. There is a statistically significant difference between fault types: Input validation faults are proportionally over-represented. There is a statistically significant difference between consequence types: Full compromise consequences are proportionally over-represented. There is, however, no statistically significant fault or consequence proportion difference between the audited systems.
520
$a
QSRA's risk assessment model calculated that for all audited systems, four to six months after their respective release date, the probabilities are very high (66% to 99%) that an attacker can conduct a full consequence compromise, remotely and locally. Risk management analysis for remote risk probabilities indicates that, given a moderate fault count, QSRA's 'highest risk' analytic risk mitigation strategy consistently outperforms the simpler strategy of choosing software with the highest vulnerability count. 'Highest risk' outperforms the undifferentiated 'highest count' strategy for at least four out of the six tested operating systems and for four out of five fault consequences.
590
$a
School code: 0059.
650
4
$a
Computer Science.
$3
626642
650
4
$a
Engineering, System Science.
$3
1018128
650
4
$a
Business Administration, Management.
$3
626628
690
$a
0984
690
$a
0790
690
$a
0454
710
2 0
$a
Dartmouth College.
$3
1025074
773
0
$t
Dissertation Abstracts International
$g
64-11B.
790
1 0
$a
Cybenko, George,
$e
advisor
790
$a
0059
791
$a
Ph.D.
792
$a
2003
856
4 0
$u
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3114255
筆 0 讀者評論
館藏地:
全部
電子資源
出版年:
卷號:
館藏
1 筆 • 頁數 1 •
1
條碼號
典藏地名稱
館藏流通類別
資料類型
索書號
使用類型
借閱狀態
預約狀態
備註欄
附件
W9179753
電子資源
11.線上閱覽_V
電子書
EB
一般使用(Normal)
在架
0
1 筆 • 頁數 1 •
1
多媒體
評論
新增評論
分享你的心得
Export
取書館
處理中
...
變更密碼
登入