A static code analysis-based mathematical model-driven vulnerability risk assessment framework for health information applications in cloud
Online publication date: Mon, 10-Jan-2022
by Dennis B. Park; Xiaolong Li; A. Mehran Shahhosseini; Li-Shiang Tsay
International Journal of Forensic Engineering and Management (IJFEM), Vol. 1, No. 2, 2021
Abstract: A recent survey shows that the most vulnerable IT sources are business applications (Skybox Security, 2019). However, many risk assessment frameworks that exist today do not use the application code as an input source for their risk assessments of business applications. Instead, they mostly rely on traditional questionnaires, surveys, or meetings to collect the data. It would therefore be beneficial to assess the security posture of software applications using the applications' code itself as the data source when assessing their cloud adoption risks. This research studies and develops a risk assessment framework that utilises data generated from static code analysis (SCA) of applications as an input source for the application's cloud risk assessment, focusing on health information applications because they are the least cloud-adopted applications (TCS, 2012). In addition, this study develops harmonisation methods between the security warning information obtained from the SCA tool and common vulnerability scoring system (CVSS) scores to calculate the cloud risks instead of relying on risk evaluators' assessment.