Earticle

초록

영어

The Common Vulnerability Scoring System (CVSS) is a well-known framework for providing the characteristics of a vulnerability and a numerical score reflecting its severity. Since the existing CVSS has been developed for an information technology (IT) environment, it is not suitable for an intelligent building (IB) environment where OT Operational Technology (OT) and Internet of Things (IoT) are integrated. For example, compared to IT systems that prioritize confidentiality, OT systems prioritize safety and have a very long lifespan. Therefore, if a vulnerable component is exploited in an intelligent building environment, the impact may be different from that in the IT environment. This paper identifies problems that may occur when applying the traditional CVSS to an intelligent building environment. We also propose an effective method to extend the CVSS for an intelligent building environment using threat intelligence and rubric.

목차

Abstract
I. INTRODUCTION
II. RELATED WORK
III. PROPOSED PROCESS TO EXTEND CVSS
IV. DETAILED EXPLANATION OF THE PROPOSED PROCESS
A. Analyzing Characteristics of Intelligent Building
B. Threat Intelligence Collections
C. Rubric Development
D. Feedback
E. Metrics Extension
V. DISCUSSION AND CONCOLUSION
References

저자

• Minsu Park [ Dept. of AI-based Convergence Dankook University Gyeonggi-do Province, Republic of Korea ]
• Haein Kang [ Dept of AI-based Convergence Dankook University Gyeonggi-do Province, Republic of Korea ]
• Hyoil Han [ School of Information Technology Ilinoise State University Normal, IL, USA ]
• kyoungwon Suh [ School of Information Technology Ilinois State University Normal, IL, USA ]

참고문헌