Common vulnerability markup language

被引:0
|
作者
Tian, HT [1 ]
Huang, LS [1 ]
Zhou, Z [1 ]
Zhang, H [1 ]
机构
[1] Univ Sci & Technol China, Dept Comp Sci, Hefei 230026, Anhui, Peoples R China
来源
APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS | 2003年 / 2846卷
关键词
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Discovering, disclosing, and patching vulnerabilities in computer systems play a key role in the security area, but now vulnerability information from different sources is usually ambiguous text-based description that can't be efficiently shared and used in automated process. After explaining a model of vulnerability life cycle, this paper presents an XML-based common vulnerability markup language (CVML) describing vulnerabilities in a more structural way. Besides regular information contained in most of current vulnerability databases, information about classification, evaluation, checking existence and attack generation is also given in CVML. So it supports automated vulnerability assessment and remedy. A prototype of automated vulnerability management architecture based on CVML has been implemented. More manageable vulnerability databases will be built; promulgating and sharing of vulnerability knowledge will be easier; comparison and fusion of vulnerability information from different sources will be more efficient; moreover automated scanning and patching of vulnerabilities will lead to self-managing systems.
引用
收藏
页码:228 / 240
页数:13
相关论文
共 50 条
  • [21] Working with extensible markup language
    Passin, TB
    16TH INTERNATIONAL CONFERENCE ON INTERACTIVE INFORMATION AND PROCESSING SYSTEMS (IIPS) FOR METEOROLOGY, OCEANOGRAPHY AND HYDROLOGY, 2000, : 426 - 429
  • [22] Movie Script Markup Language
    Van Rijsselbergen, Dieter
    Van De Keer, Barbara
    Verwaest, Maarten
    Mannens, Erik
    Van de Walle, Rik
    DOCENG'09: PROCEEDINGS OF THE 2009 ACM SYMPOSIUM ON DOCUMENT ENGINEERING, 2009, : 161 - 170
  • [23] IML: An image markup language
    Lober, WB
    Trigg, LJ
    Bliss, D
    Brinkley, JM
    JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION, 2001, : 403 - 407
  • [24] The Petri Net Markup Language
    Weber, M
    Kindler, E
    PETRI NET TECHNOLOGY FOR COMMUNICATION-BASED SYSTEMS, 2003, 2472 : 124 - 144
  • [25] Test Markup language (TML)
    Wegener, SA
    2002 IEEE AUTOTESTCON PROCEEEDINGS, SYSTEMS READINESS TECHNOLOGY CONFERENCE, 2002, : 585 - 596
  • [26] Standard generalized markup language
    Aerospace Engineering (Warrendale, Pennsylvania), 1994, 14 (03):
  • [27] Earth Science markup language
    Ramachandran, R
    Alshayeb, M
    Beaumont, B
    Conover, H
    Graves, S
    Hanish, N
    Li, X
    Movva, S
    McDowell, A
    Smith, M
    17TH INTERNATIONAL CONFERENCE ON INTERACTIVE INFORMATION AND PROCESSING SYSTEMS (IIPS) FOR METEOROLOGY, OCEANOGRAPHY, AND HYDROLOGY, 2001, : 290 - 292
  • [28] NVML: NaVigation markup language
    Takayama, K
    Maeda, Y
    Naito, H
    FUJITSU SCIENTIFIC & TECHNICAL JOURNAL, 2003, 39 (02): : 270 - 276
  • [29] XML: Extended markup language
    Electronic Design, 2001, 49 (10)
  • [30] Ground Station Markup Language
    Cutler, JW
    2004 IEEE AEROSPACE CONFERENCE PROCEEDINGS, VOLS 1-6, 2004, : 3337 - 3343
12345