Modeling discovery and removal of security vulnerabilities in software system using priority queueing models |
| |
Authors: | Dae-Eun Lim, Tae-Sung Kim |
| |
Affiliation: | 1. Division of Business and Commerce, Baekseok University, Cheonan, Chungnam, Republic of Korea 2. Department of Management Information Systems, Chungbuk National University, Cheongju, Chungbuk, Republic of Korea
|
| |
Abstract: | This paper aims to model the discovery and removal of software vulnerabilities based on queueing theory. The probabilistic characteristics of the arrival and service processes are the core elements of queueing theory. Discovering and removing software vulnerabilities correspond to the arrival and service processes in queueing models, respectively. Vulnerabilities can be classified into groups depending upon their severity levels as measured by CVSS (Common Vulnerability Scoring System). Groups with higher severity levels are fixed more quickly than groups with lower severity levels. Priority queueing models can be used and give various performance indices: the number of unfixed vulnerabilities at arbitrary instants and the waiting time before getting fixed. Moreover, the service rate needed to prevent the number or accumulated degree of vulnerabilities from exceeding a predetermined level can be estimated. |
| |
Keywords: | |
This document has been indexed by SpringerLink and other databases! |
|