Expert assessment on the probability of successful remote code execution attacks
2011 (English). In: Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011, 2011, 49-58 p. Conference paper (Refereed)
This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.
Place, publisher, year, edition, pages
2011. 49-58 p.
Cyber security, Remote code execution, Software vulnerabilities
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers: URN: urn:nbn:se:kth:diva-79633; ScopusID: 2-s2.0-84865207102; ISBN: 978-989842561-4; OAI: oai:DiVA.org:kth-79633; DiVA: diva2:495638
The International Workshop on Security in Information Systems - WOSIS 2011. Beijing, China. 8-11 June, 2011
QC 20140908. 2013-03-26, 2012-02-09, 2014-09-08. Bibliographically approved