Title page for ETD etd-07152008-134515


Document Type Master's Dissertation
Author Li, Yun Lillian
URN etd-07152008-134515
Document Title An approach towards standardising vulnerability categories
Degree MSc (Computer Science)
Department Computer Science
Supervisor
Advisor Name Title
Dr H Venter Co-Supervisor
Prof J Eloff Supervisor
Keywords
  • standardising vulnerabililty categories
  • computer science
Date 2007-09-05
Availability unrestricted
Abstract
Computer vulnerabilities are design flaws, implementation or configuration errors that provide a means of exploiting a system or network that would not be available otherwise. The recent growth in the number of vulnerability scanning (VS) tools and independent vulnerability databases points to an apparent need for further means to protect computer systems from compromise. It is important for these tools and databases to interpret, correlate and exchange a large amount of information about computer vulnerabilities in order to use them effectively. However, this goal is hard to achieve because the current VS products differ extensively both in the way that they can detect vulnerabilities and in the number of vulnerabilities that they can detect. Each tool or database represents, identifies and classifies vulnerabilities in its own way, thus making them difficult to study and compare. Although the list of Common Vulnerabilities and Exposures (CVE) provides a means of solving the disparity in vulnerability names used in the different VS products, it does not standardise vulnerability categories. This dissertation highlights the importance of having a standard vulnerability category set and outlines an approach towards achieving this goal by categorising the CVE repository using a data-clustering algorithm. Prototypes are presented to verify the concept of standardizing vulnerability categories and how this can be used as the basis for comparison of VS products and improving scan reports.

2007 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.

Please cite as follows:

Li, YL 2007, An approach towards standardizing vulnerability categories, MSc dissertation, University of Pretoria, Pretoria, viewed yymmdd < http://upetd.up.ac.za/thesis/available/etd-07152008-134515/ >

E848/ag

Files
  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  dissertation.pdf 845.24 Kb 00:03:54 00:02:00 00:01:45 00:00:52 00:00:04

Browse All Available ETDs by ( Author | Department )

If you have more questions or technical problems, please Contact UPeTD.