سال انتشار: ۱۳۸۵

محل انتشار: دوازدهمین کنفرانس سالانه انجمن کامپیوتر ایران

تعداد صفحات: ۷

نویسنده(ها):

Hamid Reza Sharriari – Network Security Center, Department of Computer Engineering, Sharif University of Technology, Tehran, Iran
Rasool Jalili – Network Security Center, Department of Computer Engineering, Sharif University of Technology, Tehran, Iran

چکیده:

In this paper, we first propose formal definitions of vulnerability , exploit , and attak in computer systems. The presented definition of vulnerability is based on its likely effect on the system. Which is often overlooked. Then we suggest an impact based categorization of vulnerabilities and their formal definition model to define the categories , the categorizationis independent of take-grant protection models. A broad examplesof vulnerabilities are presented to show the categorization usefulness.