Success Rate of Remote Code Execution Attacks: Expert Assessments and Observations
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0003-2017-7914
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0003-3922-9606
2012 (English). In: Journal of universal computer science (Online), ISSN 0948-695X, E-ISSN 0948-6968, Vol. 18, no 6, 732-749 p. Article in journal (Refereed) Published
Abstract [en]

This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant. Estimates by the experts are compared to observations of actual attacks carried out during the cyber defense exercise. These comparisons show that experts in general provide fairly inaccurate advice on an abstraction level such as in the present study. However, results also show that a prediction model constructed through expert judgment is likely of better quality if the experts' estimates are weighted according to their expertise.

Place, publisher, year, edition, pages
J.UCS consortium, 2012. Vol. 18, no 6, 732-749 p.
Keyword [en]
Cyber security, Remote code execution, Software vulnerabilities
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-91649
DOI: 10.3217/jucs-018-06-0732
ISI: 000304354800002
Scopus ID: 2-s2.0-84862696351
OAI: oai:DiVA.org:kth-91649
DiVA: diva2:510940
Note

QC 20120702

Available from: 2013-03-20. Created: 2012-03-19. Last updated: 2017-12-07. Bibliographically approved

Open Access in DiVA

fulltext (190 kB), 95 downloads
File information
File name: FULLTEXT02.pdf. File size: 190 kB. Checksum SHA-512:
a98a9c6f040a8aa4f69451155d3f7aa908bd58cba48e7e9dffdce8f5b4d3ff5992ff3b6a24066ba7d36bd7dc27b342d3b250dd2c454e0b9b9bc60237ed836369
Type: fulltext. Mimetype: application/pdf

By author/editor
Holm, Hannes; Sommestad, Teodor; Franke, Ulrik; Ekstedt, Mathias