TO STUDY AND ANALYZE THE IMPACT OF CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY (CIA) ON COMMON VULNERABILITY SCORING SYSTEM (CVSS) BASE SCORE

Main Article Content

Deven Chandravadan Pandya
Dr. N.J. Patel

Abstract

The Common Vulnerability Exposure (CVE) is a dictionary of publically known vulnerabilities. The Common Vulnerability Scoring System (CVSS) is a standard vulnerability severity scoring system to assign scores to vulnerabilities identified under CVE. The CVSS is calculated based on three metrics viz. Base metric, Temporal metric, and Environmental metric. The base metric defines the fundamental characteristics of the vulnerability. The temporal metrics define the characteristics of vulnerability which change over the time and the environmental metrics define the characteristics of the vulnerability specific to particular user’s or organization’s environment. The CVSS base score is available, in CVE dictionary and it can be refined by calculating and adding temporal and environmental metric score. In this paper, our objective is to compare and analyze the CVSS base score with an adjusted base score generated after adding user context requirement for CIA. To achieve this objective we have selected Google Android as a platform and apply CIA requirement in user context in various combinations of score viz. High, Low and Medium. The generated adjusted based score was analyzed and compared with existing base score to understand the impact of CIA on vulnerability severity score.

Downloads

Download data is not yet available.

Article Details

Section
Articles