research-article

Taxonomies of attacks and vulnerabilities in computer systems

Authors:

V. Igure,

R. WilliamsAuthors Info & Claims

IEEE Communications Surveys & Tutorials, Volume 10, Issue 1

Pages 6 - 19

https://doi.org/10.1109/COMST.2008.4483667

Published: 01 January 2008 Publication History

Abstract

Security assessment of a system is a difficult problem. Most of the current efforts in security assessment involve searching for known vulnerabilities. Finding unknown vulnerabilities still largely remains a subjective process. The process can be improved by understanding the characteristics and nature of known vulnerabilities. The knowledge thus gained can be organized into a suitable taxonomy, which can then be used as a framework for systematically examining new systems for similar but as yet unknown vulnerabilities. There have been many attempts at producing such taxonomies. This article provides a comprehensive survey of the important work done on developing taxonomies of attacks and vulnerabilities in computer systems. This survey covers work done in security related taxonomies from 1974 until 2006. Apart from providing a state-of-the-art survey of taxonomies, we also analyze their effectiveness for use in a security assessment process. Finally, we summarize the important properties of various taxonomies to provide a framework for organizing information about known attacks and vulnerabilities into a taxonomy that would benefit the security assessment process.

Cited By

View all

Pöhn DHommel W(2023)Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management SystemsSecurity and Communication Networks10.1155/2023/55733102023Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1155/2023/5573310
Pöhn DHommel W(2022)TaxIdMA: Towards a Taxonomy for Attacks related to IdentitiesProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3544430(1-13)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3544430
Gujral HSharma AJain PJuneja SMittal S(2022)Design and Implementation of a Quantitative Network Health Monitoring and Recovery SystemWireless Personal Communications: An International Journal10.1007/s11277-022-09554-9125:1(367-397)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1007/s11277-022-09554-9
Show More Cited By

Index Terms

Taxonomies of attacks and vulnerabilities in computer systems
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Index terms have been assigned to the content through auto-classification.

Recommendations

Insecurity of Operational IMS Call Systems: Vulnerabilities, Attacks, and Countermeasures
IMS (IP Multimedia Subsystem) is an essential 4G/5G component to offer multimedia services. It is used worldwide to support two call services: VoLTE (Voice over LTE) and VoWiFi (Voice over WiFi). In this study, it is shown that the signaling and voice ...
Cyberterrorism After Stuxnet - Terrorist Cyberattacks, Distributed Denial of Service (DDoS), Motives, Critical U.S. Infrastructure Vulnerabilities, al-Qaeda Computer Capability, PC Attacks
A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography
Invited Tutorial

Side-channel attacks have become a severe threat to the confidentiality of computer applications and systems. One popular type of such attacks is the microarchitectural attack, where the adversary exploits the hardware features to break the protection ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Communications Surveys & Tutorials

IEEE Communications Surveys & Tutorials Volume 10, Issue 1

January 2008

84 pages

ISSN:1553-877X

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 January 2008

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Pöhn DHommel W(2023)Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management SystemsSecurity and Communication Networks10.1155/2023/55733102023Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1155/2023/5573310
Pöhn DHommel W(2022)TaxIdMA: Towards a Taxonomy for Attacks related to IdentitiesProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3544430(1-13)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3544430
Gujral HSharma AJain PJuneja SMittal S(2022)Design and Implementation of a Quantitative Network Health Monitoring and Recovery SystemWireless Personal Communications: An International Journal10.1007/s11277-022-09554-9125:1(367-397)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1007/s11277-022-09554-9
Qureshi SLi JAkhtar FTunio SKhand ZWajahat A(2021)Analysis of Challenges in Modern Network Forensic FrameworkSecurity and Communication Networks10.1155/2021/88712302021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/8871230
Zimmer EBurkert CFederrath H(2021)Insiders Dissected: New Foundations and a Systematisation of the Research on InsidersDigital Threats: Research and Practice10.1145/34736743:1(1-35)Online publication date: 22-Oct-2021
https://dl.acm.org/doi/10.1145/3473674
Rea-Guaman AMejía JSan Feliu TCalvo-Manzano J(2020)AVARCIBER: a framework for assessing cybersecurity risksCluster Computing10.1007/s10586-019-03034-923:3(1827-1843)Online publication date: 1-Sep-2020
https://dl.acm.org/doi/10.1007/s10586-019-03034-9
Caturano FPerrone GRomano S(2020)Hacking Goals: A Goal-Centric Attack Classification FrameworkTesting Software and Systems10.1007/978-3-030-64881-7_19(296-301)Online publication date: 9-Dec-2020
https://dl.acm.org/doi/10.1007/978-3-030-64881-7_19
Ndiaye YBarais OBlouin ABouabdallah AAillery NHung CPapadopoulos G(2019)Requirements for preventing logic flaws in the authentication procedure of web applicationsProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3297438(1620-1628)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3297438
Resende PDrummond A(2018)A Survey of Random Forest Based Methods for Intrusion Detection SystemsACM Computing Surveys10.1145/317858251:3(1-36)Online publication date: 23-May-2018
https://dl.acm.org/doi/10.1145/3178582
Husari GAl-Shaer EAhmed MChu BNiu X(2017)TTPDrillProceedings of the 33rd Annual Computer Security Applications Conference10.1145/3134600.3134646(103-115)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3134600.3134646
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Index Terms

Recommendations

Insecurity of Operational IMS Call Systems: Vulnerabilities, Attacks, and Countermeasures

Cyberterrorism After Stuxnet - Terrorist Cyberattacks, Distributed Denial of Service (DDoS), Motives, Critical U.S. Infrastructure Vulnerabilities, al-Qaeda Computer Capability, PC Attacks

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations