Vulnerability Modelling for Hybrid IT Systems

Attiq Ur-Rehman, Iqbal Gondal, Joarder Kamruzzaman, Alireza Jolfaei

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

15 Citations (Scopus)


Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.

Original languageEnglish
Title of host publicationProceedings - 2019 IEEE International Conference on Industrial Technology, ICIT 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)9781538663769
Publication statusPublished - Feb 2019
Externally publishedYes

Publication series

NameProceedings of the IEEE International Conference on Industrial Technology


  • Cvss
  • Iot
  • Security
  • Supply chain
  • Vulnerability


Dive into the research topics of 'Vulnerability Modelling for Hybrid IT Systems'. Together they form a unique fingerprint.

Cite this