Invention Grant
- Patent Title: Value-adaptive security threat modeling and vulnerability ranking
- Patent Title (中): 价值适应性安全威胁建模和漏洞排名
-
Application No.: US12047293Application Date: 2008-03-12
-
Publication No.: US08392997B2Publication Date: 2013-03-05
- Inventor: Yue Chen , Barry W. Boehm , Luke Sheppard
- Applicant: Yue Chen , Barry W. Boehm , Luke Sheppard
- Applicant Address: US CA Los Angeles
- Assignee: University of Southern California
- Current Assignee: University of Southern California
- Current Assignee Address: US CA Los Angeles
- Agency: Fish & Richardson P.C.
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F15/177
Abstract:
Among others, techniques and systems are disclosed for analyzing security threats associated with software and computer vulnerabilities. Stakeholder values relevant for a software system are identified. The identified stakeholder values are quantified using a quantitative decision making approach to prioritize vulnerabilities of the software system. A structured attack graph is generated to include the quantified stakeholder values to define a scalable framework to evaluate attack scenarios. The structured attack graph includes two or more nodes. Based on the generated structured attack graph, structured attack paths are identified with each attack path representing each attack scenario.
Public/Granted literature
- US20090077666A1 Value-Adaptive Security Threat Modeling and Vulnerability Ranking Public/Granted day:2009-03-19
Information query
