scispace - formally typeset

Topic

Vulnerability (computing)

About: Vulnerability (computing) is a(n) research topic. Over the lifetime, 8531 publication(s) have been published within this topic receiving 116697 citation(s). The topic is also known as: vuln & security vulnerability.


Papers
More filters
Journal ArticleDOI
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Abstract: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.

3,171 citations

Journal ArticleDOI
TL;DR: A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information- flow policies, and some important open challenges are identified.
Abstract: Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow. Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Previously, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this paper, we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of work in the area and identify some important open challenges.

1,969 citations

Journal ArticleDOI
Abstract: A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including interacting bad measurements introduced by arbitrary, nonrandom causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers.In this article, we expose an unknown vulnerability of existing bad measurement detection algorithms by presenting and analyzing a new class of attacks, called false data injection attacks, against state estimation in electric power grids. Under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations, such attacks can introduce arbitrary errors into certain state variables without being detected by existing algorithms. Moreover, we look at two scenarios, where the attacker is either constrained to specific meters or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios to change the results of state estimation in arbitrary ways. We also extend these attacks to generalized false data injection attacks, which can further increase the impact by exploiting measurement errors typically tolerated in state estimation. We demonstrate the success of these attacks through simulation using IEEE test systems, and also discuss the practicality of these attacks and the real-world constraints that limit their effectiveness.

1,717 citations

Journal ArticleDOI
Abstract: Three criteria for evaluating the possible performance of water resource systems are discussed. These measures describe how likely a system is to fail (reliability), how quickly it recovers from failure (resiliency), and how severe the consequences of failure may be (vulnerability). These criteria can be used to assist in the evaluation and selection of alternative design and operating policies for a wide variety of water resource projects. The performance of a water supply reservoir with a variety of operating policies illustrates their use.

1,286 citations


Network Information
Related Topics (5)
Server

79.5K papers, 1.4M citations

83% related
Software development

73.8K papers, 1.4M citations

81% related
Mobile computing

51.3K papers, 1M citations

81% related
Encryption

98.3K papers, 1.4M citations

81% related
Wireless ad hoc network

49K papers, 1.1M citations

80% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202222
2021648
2020807
2019823
2018671
2017615