A Model for Vulnerability Analysis and Classification
- S. Engle and M. Bishop, “A Model for Vulnerability Analysis and Classification”, Technical Report CSE-2008-5, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (2008).
In this paper, we present a model for vulnerability analysis that enables us to mitigate the complexity of modern systems through well-defined layers of abstraction. We use this model to build a new framework for vulnerability clas- sification. Finally, we present our results classifying buffer overflow vulnerabilities.