Assessment of Windows system security using vulnerability relationship graph

To evaluate the security situation of Windows systems for different users on different security attributes, this paper proposes a quantitative assessment method based on vulnerability relationship graph (VRG) and an index-based assessment policy. Through introducing the correlative influences of vulnerabilities, VRG can be used to scientifically detect high risk vulnerabilities which can evoke multistage attacks although their threats on surface are very little. Analysis of 1085 vulnerabilities indicates that for trusted remote visitors, the security of Windows systems is lower while for distrusted remote visitors, they are relatively secure. But there is no obvious difference of the security risk on confidentiality, authenticity and availability of Windows systems. In several known versions, the security of Windows NT is almost lowest.