Expert assessment on the probability of successful remote code execution attacks
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0003-2017-7914
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0003-3922-9606
2011 (English). In: Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011, 2011, 49-58 p.
Conference paper, Published paper (Refereed)
Abstract [en]

This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.

Place, publisher, year, edition, pages
2011. 49-58 p.
Keyword [en]
Cyber security, Remote code execution, Software vulnerabilities
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-79633
Scopus ID: 2-s2.0-84865207102
ISBN: 978-989842561-4 (print)
OAI: oai:DiVA.org:kth-79633
DiVA: diva2:495638
Conference
The International Workshop on Security in Information Systems - WOSIS 2011. Beijing, China. 8-11 June, 2011
Note

QC 20140908

Available from: 2013-03-26. Created: 2012-02-09. Last updated: 2014-09-08. Bibliographically approved.

By author/editor
Holm, Hannes; Sommestad, Teodor; Franke, Ulrik; Ekstedt, Mathias