Network security metrics (NSMs) based on models allow to quantitatively evaluate the
overall resilience of networked systems against attacks. For that reason, such metrics are of …

Embedded systems are the driving force for technological development in many domains
such as automotive, healthcare, and industrial control in the emerging post-PC era. As more …

In the past decades, a significant increase has been observed in cyberattacks on the web-
based systems used for financial purposes. Such individual systems often contain security …

Diversity has long been regarded as a security mechanism for improving the resilience of
software and networks against various attacks. More recently, diversity has found new …

By enabling a direct comparison of different security solutions with respect to their relative
effectiveness, a network security metric may provide quantifiable evidences to assist security …

The Common Vulnerability Scoring System (CVSS) is the state-of-the art system for
assessing software vulnerabilities. However, it has been criticized for lack of validity and …

In the face of increasing numbers of cyber-attacks, it is critical for organisations to
understand the risk they are exposed to even after deploying security controls. This residual …

Cloud virtualization technology, ingrained with physical resource sharing, prompts
cybersecurity threats on users' virtual machines (VMs) due to the presence of inevitable …

Vulnerability remediation is a critical task in operational software and network security
management. In this article, an effective vulnerability management strategy, called VULCON …

This paper presents the Predictive, Probabilistic Cyber Security Modeling Language (P 2
CySeMoL), an attack graph tool that can be used to estimate the cyber security of enterprise …